Term

Agreement: A proposal to which both the service and user agent agree. This agreement is applied within the realm and is often represented by a propID. The non-repudiability of such agreements will be strengthened by the support of certificate and digital signature capabilities in future versions of P3P; however this is not specified in version 1.0. We do provide the appropriate fields for the inclusion of such tokens within P3P1.0 (e.g. a digital signature from the assuring party.)
Data Element: An individual data entity, such as last name or telephone number. For interoperability, P3P 1.0 specifies a base set of data elements.
Data Category: A significant attribute of a data element or data set that may be used by a trust engine to determine what type of element is under discussion, such as "Contact Information." P3P 1.0 specifies 10 base data categories.
Data Set: A known grouping of data element, such as "User.Home.Postal.". A set is represented with a trailing period. P3P 1.0 specifies a number of base data sets.
Preference: A rule, or set of rules, that determines what action(s) a user agent will take or allow when involved in a conversation or negotiation with a service. A preference might be expressed as a formally defined computable statement (e.g., the [APPEL] preference exchange language). In this document, preferences govern the types of agreements that can be reached between a user agent and a service.
Proposal: A proposal is a collection of one or more privacy statements together with information asserting the identity, URI, assurances, and disclosures of the service covered by the proposal. A proposal is always created from the point of view of the service and contains identifying information for the service, but it may be created by the user and sent to the server for approval.
Realm: The realm is the experience space from which requests under a given agreement may be issued -- it broadly defines the area to which a proposal applies. It is referenced by one or more URIs. Each URI may name a specific resource or a set of resources qualified by the URI. For instance, in the HTTP URI scheme, a URI ending with an object (home.html) applies to that specific object, a URI that is a path http://www.w3.org/P3P/ references the file system tree below that path. If the proposal is not digitally signed, then each of the URIs must be from a domain that domain-matches the origin server. Domain matching is covered in the HTTP state management mechanism internet draft [STATE].
Repository: A mechanism for storing user information under the control of P3P.
Service: A program that issues proposals and (possibly) data requests. By this definition, a service may be a server (site), a local application, a piece of locally active code, such as an ActiveX control or Java applet, or even another user agent.
Statement: A P3P statement is a set of privacy practice disclosures relevant to a collection of data elements, sets, and categories. The enumerated elements act as an embedded data request. A statement which references no data, does not request any data.
URI: A Uniform Resource Identifier used to identify Web resources. For definitive information on URI syntax and semantics, see [URI].
User Agent: A program whose purpose is to mediate interactions with services on behalf of the user under the user's preferences. A user may have more than one user agent, and agents need not reside on the user's desktop, but any agent must be controlled by and act on behalf of only the user. The trust relationship between a user and her agent may be governed by constraints outside of P3P. For instance, an agent may be trusted as a part of the user's operating system or Web client, or as a part of the terms and conditions of an ISP or privacy proxy.

Return