How to Deploy P3P Privacy Policies on Your Web Site
The following graphic shows the steps for deploying P3P.
The following example shows a simple natural language policy.
<POLICY xmlns="http://www.w3.org/2000/12/p3pv1"
    discuri="http://www.blueyonderairlines.com/ourprivacypolicy.html"
    opturi="http://www.blueyonderairlines.com/optin.html">
  <ENTITY>
    <DATA-GROUP>
      <DATA ref="#business.name">Blue Yonder Airlines</DATA>
      <DATA ref="#business.contact-info.postal.street">3456 Main St.</DATA>
      <DATA ref="#business.contact-info.postal.city">Tampa</DATA>
      <DATA ref="#business.contact-info.postal.stateprov">Fl</DATA>
      <DATA ref="#business.contact-info.postal.postalcode">77062</DATA>
      <DATA ref="#business.contact-info.postal.country">USA</DATA>
      <DATA ref="#business.contact-info.online.email">firstname.lastname@example.org</DATA>
      <DATA ref="#business.contact-info.telecom.telephone.intcode">1</DATA>
      <DATA ref="#business.contact-info.telecom.telephone.loccode">800</DATA>
      <DATA ref="#business.contact-info.telecom.telephone.number">5550158</DATA>
    </DATA-GROUP>
  </ENTITY>
  <ACCESS><nonident/></ACCESS>
  <STATEMENT>
    <PURPOSE><admin/><develop/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#dynamic.clickstream.server"/>
      <DATA ref="#dynamic.http.useragent"/>
    </DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><pseudo-analysis required="opt-in"/></PURPOSE>
    <RECIPIENT><other-recipient/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.home-info.postal.postalcode">
        <CATEGORIES><demographic/></CATEGORIES>
      </DATA>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>
"NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
The three-letter compact policy tokens map to element values in the full P3P policy. For example, the ACCESS element value, <nonident/>, and the CATEGORIES element value, <demographic/>, in the preceding full P3P policy appear as the tokens NOI and DEM in the compact policy. DATA elements defined in the P3P Base Data Schema (see the P3P specification for more details) have corresponding CATEGORIES, and the compact token for each of those categories is used in the compact policy. For example, the DATA element value <DATA ref="#dynamic.http.useragent"/> maps to the P3P CATEGORIES element <computer/>, whose corresponding compact token is COM. These representative CATEGORIES might not be included in the full P3P policy, but they are required for the compact policy. See the P3P specification for more information on how policy content is incorporated into a compact policy.
Once full P3P policies and compact policies are defined, they can be deployed on the Web site using the following methods.
<META xmlns="http://www.w3.org/2000/12/p3pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="Full_P3P_Policy.xml">
      <INCLUDE>*</INCLUDE>
      <COOKIE-INCLUDE name="*" value="*" domain="*" path="*"/>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>
Compact policies are added to HTTP headers associated with cookie operations. Internet Explorer 6 uses these compact policies to filter cookies based on a user's privacy preferences. The following example shows the syntax for the P3P header using the preceding compact policy example. For more information on how Internet Explorer 6 blocks or allows cookies, see Privacy in Internet Explorer 6.
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
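The token mapping described above can be checked mechanically. The following Python sketch is an added example, not code from the original page: it derives the compact policy and the P3P header from the STATEMENT and ACCESS parts of the full policy. The token table covers only the elements this policy uses, and the category for #dynamic.clickstream.server is an assumption chosen to match the NAV token in the page's compact policy.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2000/12/p3pv1}"
# Element name -> compact token; only the elements used in this page's policy.
TOKENS = {"nonident": "NOI", "admin": "ADM", "develop": "DEV",
          "pseudo-analysis": "PSA", "ours": "OUR", "other-recipient": "OTR",
          "stated-purpose": "STP", "indefinitely": "IND",
          "demographic": "DEM", "computer": "COM", "navigation": "NAV"}
REQUIRED = {"always": "a", "opt-in": "i", "opt-out": "o"}  # suffix on a token
# Categories implied by base-data-schema refs. The useragent entry is stated on
# the page; the clickstream entry is an assumption that yields the page's NAV.
BASE_CATEGORIES = {"#dynamic.http.useragent": ["computer"],
                   "#dynamic.clickstream.server": ["navigation"]}

# The page's policy with ENTITY and the URI attributes left out for brevity.
POLICY = """<POLICY xmlns="http://www.w3.org/2000/12/p3pv1">
<ACCESS><nonident/></ACCESS>
<STATEMENT><PURPOSE><admin/><develop/></PURPOSE><RECIPIENT><ours/></RECIPIENT>
 <RETENTION><stated-purpose/></RETENTION><DATA-GROUP>
 <DATA ref="#dynamic.clickstream.server"/><DATA ref="#dynamic.http.useragent"/>
</DATA-GROUP></STATEMENT>
<STATEMENT><PURPOSE><pseudo-analysis required="opt-in"/></PURPOSE>
 <RECIPIENT><other-recipient/></RECIPIENT><RETENTION><indefinitely/></RETENTION>
 <DATA-GROUP><DATA ref="#user.home-info.postal.postalcode">
 <CATEGORIES><demographic/></CATEGORIES></DATA></DATA-GROUP></STATEMENT>
</POLICY>"""

def compact_policy(policy_xml):
    """Return the compact tokens implied by ACCESS and every STATEMENT."""
    root, tokens = ET.fromstring(policy_xml), []
    for section in root.findall(NS + "ACCESS") + root.findall(NS + "STATEMENT"):
        for el in section.iter():
            name = el.tag.replace(NS, "")
            if name == "DATA" and el.find(NS + "CATEGORIES") is None:
                # No explicit CATEGORIES: fall back to the schema's categories.
                cats = BASE_CATEGORIES.get(el.get("ref"))
                if cats is None:
                    raise ValueError("no category known for %s" % el.get("ref"))
                found = [TOKENS[c] for c in cats]
            elif name.islower():
                if name not in TOKENS:  # refuse to silently drop a disclosure
                    raise ValueError("no compact token known for <%s/>" % name)
                found = [TOKENS[name] + REQUIRED.get(el.get("required"), "")]
            else:
                continue  # structural element such as PURPOSE or DATA-GROUP
            tokens += [t for t in found if t not in tokens]
    return tokens

def p3p_header(policy_xml):
    return 'P3P: CP="%s"' % " ".join(compact_policy(policy_xml))
```

The function emits tokens in document order, so the header lists the same token set as the example above in a different order. An element or data reference missing from the tables raises an error instead of producing a header that discloses less than the full policy.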
The following list summarizes the common steps to deployment.
- Name the policy-reference file p3p.xml and deploy it at /w3c/p3p.xml.
- Deploy full P3P policy files within the same directory, for example, /w3c/full_p3p_policy.xml.
- Set compact policies for all cookies in the HTTP header.
- Privacy in Internet Explorer 6
- Other Resources
- W3C: Platform for Privacy Preferences (P3P) Project
- Platform for Privacy Preferences (P3P) specification
- Make your Web site P3P Compliant (W3C)