Ralf Lämmel, Ekaterina Pek. Vivisection of a Non-Executable, Domain-Specific Language - Understanding (the Usage of) the P3P Language. In ICPC '10: Proceedings of the 2010 IEEE 18th International Conference on Program Comprehension. IEEE Computer Society, Braga, Minho, Portugal, 2010. [doi]
P3P is the policy language with which websites declare the intended use of data that is collected about users of the site. We have systematically collected P3P-based privacy policies from websites listed in the Google directory, and analysed the resulting corpus with regard to different levels of validity, size or complexity metrics, different cloning levels, coverage of language constructs, and the use of the language’s extension mechanism. In this manner, we have found interesting characteristics of P3P in the wild. For instance, cloning is exceptionally common in this domain, and encountered language extensions exceed the base language in terms of grammar complexity. Overall, this effort helps understanding the de-facto usage of the non-executable, domain-specific language P3P. Some elements of our methodology may be useful for other software languages as well.