The Steps for Deploying P3P
The following graphic shows the steps for deploying P3P.
The following example shows a simple natural language policy.
At Green Jet Airlines, we care about your privacy. When you browse through our site, we collect information on the efficiency and working of our Web site. This information includes the number of times a web page is accessed, the browser used, and paths taken when moving through the Web site. We purge
this information yearly.
We also collect your zip code but will prompt you to enter it. With your permission, this information is aggregated with information collected from all visitors to our Web site and used for market analysis. This information might be provided to third parties. Once prompted for your zip code, you will not be prompted again if your browser privacy preferences allow cookies.
<DATA ref=”#business.name”>Green Jet Airlines</DATA>
<DATA ref=”#business.contact-info.postal.street”>8461 Main St.</DATA>
“NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM”
The three-letter compact policy tokens map to element values in the full P3P policy. For example, the ACCESS element value, <nonident/>, and CATEGORIES element value, <demographic/>, in the preceding full P3P policy appear as the tokens NOI and DEM in the compact policy. DATA elements defined in the P3P Base Data have corresponding CATEGORIES where the compact token form is used in the compact policy. For example, the DATA element value <DATA ref=”#dynamic.http.useragent”/> maps to the P3P CATEGORIES element <computer/> whose corresponding compact token is COM. These representative CATEGORIES might not be included in the full P3P policy, but they are required for the compact policy.
Deploying P3P on a Web Site
Once full P3P policies and compact polices are defined, they can be deployed on the Web site using the following methods.
The Policy-Reference File
<COOKIE-INCLUDE name=”*” value=”*” domain=”*” path=”*”/>
Compact Policies and the HTTP Header
Compact policies are added to HTTP headers associated with cookie operations. Microsoft Internet Explorer 6 uses these compact policies to filter cookies based on a user’s privacy preferences. The following example shows the syntax for the P3P header using the preceding compact policy example.
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM”
The following list summarizes the common steps to deployment.
- Name the policy-reference file p3p.xml and deploy it at /w3c/p3p.xml.
- Deploy full P3P policy files within the same directory, for example, /w3c/full_p3p_policy.xml.
- Set compact policies for all cookies in the HTTP header.