IBM Corp. has submitted a draft of its EPAL (Enterprise Privacy Authorization Language) to the World Wide Web Consortium (W3C) to develop, the company announced last week.
IBM is turning EPAL over to the W3C in the hope that it will be turned into a standard that will help automate privacy management tasks, improve consumer trust and reduce the cost of privacy compliance, the company said in a statement Monday.
EPAL is a programming language based on XML (Extensible Markup Language) that will enable software developers to build security policy enforcement features directly into enterprise software applications. Using EPAL, personal data could have policies attached to it as it moves from application to application within an enterprise.
IBM introduced EPAL in July as a way to move beyond user identity-based security. The standard builds upon existing privacy specifications such as the Platform for Privacy Preferences (P3P), which was released by the W3C in April 2002.
The W3C released a comment, also on Monday, saying that the organization was "pleased to receive the EPAL Submission" from IBM. (See http://www.w3.org/Submission/2003/07/Comment.)
EPAL will be brought before the P3P Coordination Group as well as the P3P community for comments, suggestions and discussion about how the language should be developed, W3C said.
EPAL is beyond the scope of work for the P3P 1.1 specification, but may make its way into future P3P specifications, W3C said.