Introduction to P3P, Page 2
The P3P specification rarely uses the terms browser or client; instead the term user agent is used. Although end-user P3P implementations might naturally be built into web browsers, P3P implementations can also be built into electronic wallets, standalone applications, ISP software, or other tools. Thus, the more general term "user agent" is used in the specification and in many places throughout this book.
The P3P specification places few requirements on user agents, so what P3P user agents do varies considerably. This book contains descriptions of several P3P user agents and a variety of possible user agent functions.
Another P3P user agent, the Microsoft Internet Explorer 6 web browser, automatically checks P3P compact policies at sites that set cookies. Users can configure IE6 to filter cookies that do not have compact policies or that have compact policies that do not match their preferences. IE6 displays an "eye" symbol in the bottom right corner of the browser window when cookies are blocked. Users can also select the "Privacy Report" option from the View menu to have IE6 fetch a site's P3P policy and generate and display a human-readable version.
In May 2002 Netscape released the preview version of its Netscape Navigator 7 software, which includes P3P functions similar to those found in IE6. Users can configure Netscape to filter cookies on the basis of their P3P compact policies. They can also select Page Info from the View menu and go to the Privacy tab to have Netscape fetch a site's P3P policy and generate and display a human-readable version.
While the IE6 and Netscape P3P implementations are good first steps that are helping stimulate P3P adoption, they make cookie-filtering decisions based on compact policies only; they do not base these decisions on full P3P policies. Hopefully, in the future Microsoft and Netscape will offer configuration options that take advantage of full P3P policies.
Chapter 12 discusses a variety of ideas for P3P user agents. For example, a P3P user agent might be built into an electronic wallet or other software that includes a data repository that stores data users frequently exchange with web sites. The data in this repository might be identified by the standard names defined in the P3P base data schema. Before automatically filling out a form or submitting data on behalf of a user, a P3P-enabled electronic wallet might fetch the relevant P3P policy and compare it with the user's preferences. If a site does not have a P3P policy or has a policy that does not match the user's preferences, the wallet can alert the user. The wallet might also automatically create and fill out forms with requested data, annotating the forms with the site's data practices.
P3P also has a standard language for encoding a user's privacy preferences, called A P3P Preference Exchange Language (APPEL). APPEL files specify what actions the user agent should take, depending on the types of disclosures made by a web site. APPEL files are used by P3P user agents—they are not intended to be sent to web sites. APPEL is not designed to be read by end users either; it is useful mostly for organizations—such as privacy advocacy groups, privacy seal providers, or governmental privacy agencies—that don't like the default settings that come with P3P user agents and want to develop their own "canned" P3P configuration files to distribute to users. It also enables users who have found a configuration setting they like to export it from one user agent and import it into another. However, not all P3P user agents include the ability to import and export APPEL files. The APPEL files themselves are encoded in XML, just like P3P policies. The details of writing APPEL files are discussed in Chapter 13.
P3P-Enabling a Web Site
P3P-enabling a web site is usually a fairly easy process, from a technical standpoint. However, it may require web site operators to take a more detailed look at their data practices than they have done previously and to coordinate policies and practices across the hosts in their domains. Here is an overview of the steps required to P3P-enable a web site. Part II of this book details this entire process.
- Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site.
- Create a P3P policy (or policies) for your site.
- Create a policy reference file for your site.
- Configure your server for P3P.
- Test your site to make sure it is properly P3P-enabled.
Most P3P-enabled web sites end up with one P3P policy reference file on each of their servers and one or more P3P policies on a central server. They may also configure their servers to send a P3P compact policy whenever they set cookies.
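The server-side artifacts behind these steps, shown here as an added example rather than code from the book or from any P3P tool: a constructed policy reference file of the kind served from /w3c/p3p.xml, the P3P response header that carries a compact policy next to Set-Cookie, and a small checker that resolves which policy covers a given path and filters cookies the way a compact-policy-only user agent such as IE6 does. The host www.example.com, the file paths, the policy names, and the refuse list in cookie_blocked are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"   # P3P 1.0 namespace

# Constructed policy reference file, as it would be served from the well-known
# location /w3c/p3p.xml on www.example.com (hypothetical host). It maps the
# account area to a separate policy and everything else to a general one.
POLICY_REFERENCE_FILE = f"""<META xmlns="{P3P_NS}">
  <POLICY-REFERENCES>
    <EXPIRY max-age="172800"/>
    <POLICY-REF about="/w3c/policy.xml#general">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/account/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policy.xml#account">
      <INCLUDE>/account/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""


def _glob(pattern):
    """Compile an INCLUDE/EXCLUDE pattern: '*' matches any run of characters, the rest is literal."""
    return re.compile("^" + ".*".join(map(re.escape, pattern.split("*"))) + "$")


def applicable_policy(reference_xml, path):
    """Return the policy URI (e.g. '/w3c/policy.xml#general') covering `path`, or
    None when the reference file does not cover it. A POLICY-REF applies when the
    path matches one of its INCLUDEs and none of its EXCLUDEs; where two overlap,
    the first applicable POLICY-REF in document order is taken."""
    root = ET.fromstring(reference_xml)
    for ref in root.iter(f"{{{P3P_NS}}}POLICY-REF"):
        inc = [_glob(e.text.strip()) for e in ref.findall(f"{{{P3P_NS}}}INCLUDE")]
        exc = [_glob(e.text.strip()) for e in ref.findall(f"{{{P3P_NS}}}EXCLUDE")]
        if any(g.match(path) for g in inc) and not any(g.match(path) for g in exc):
            return ref.get("about")
    return None


# Compact policy (CP) vocabulary, grouped by the policy element each token summarises.
CP_TOKENS = {
    "ACCESS": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "DISPUTES": {"DSP"}, "REMEDIES": {"COR", "MON", "LAW"}, "NON-IDENTIFIABLE": {"NID"},
    "PURPOSE": {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"},
    "RECIPIENT": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "RETENTION": {"NOR", "STP", "LEG", "BUS", "IND"},
    "CATEGORY": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM", "CNT",
                 "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "TEST": {"TST"},
}
KNOWN = set().union(*CP_TOKENS.values())
# Purpose and recipient tokens may carry a suffix a/i/o (always / opt-in / opt-out);
# this checker accepts the suffix leniently on any token of those two groups.
SUFFIXED = CP_TOKENS["PURPOSE"] | CP_TOKENS["RECIPIENT"]


def split_token(token):
    """'ADMa' -> ('ADM', 'a'); tokens without a suffix come back as (token, '')."""
    if len(token) == 4 and token[3] in "aio" and token[:3] in SUFFIXED:
        return token[:3], token[3]
    return token, ""


def p3p_header(policyref, cp_tokens):
    """Value of the P3P response header a server adds to responses that set cookies."""
    return f'policyref="{policyref}", CP="{" ".join(cp_tokens)}"'


def parse_compact_policy(header_value):
    """Return (tokens, unknown_tokens) from a P3P header value; tokens is empty when
    the header carries no compact policy at all."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value)
    tokens = m.group(1).split() if m else []
    unknown = [t for t in tokens if split_token(t)[0] not in KNOWN]
    return tokens, unknown


def cookie_blocked(header_value, refuse=("UNR", "PUB", "OTR")):
    """Hypothetical user preference in the style of a compact-policy cookie filter:
    block the cookie when the response carries no compact policy, or when it declares
    unrelated recipients, public release, or other recipients on any basis but opt-in."""
    tokens, _ = parse_compact_policy(header_value)
    if not tokens:
        return True
    return any(base in refuse and suffix != "i"
               for base, suffix in map(split_token, tokens))
```

Running applicable_policy over every path that sets a cookie, and parse_compact_policy over the header actually emitted by the server, is a cheap version of the "test your site" step: a path that returns None or a CP containing unknown tokens is exactly what a filtering user agent will treat as having no usable policy.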
P3P policies include the following information:
- Contact information for the business, organization, or person who owns the site
- Whether individuals can find out what personal data a site keeps about them in its databases
- How to resolve privacy-related disputes with the site (customer service desk, privacy seals, relevant privacy laws, etc.)
- The kinds of data collected
- How collected data is used, and whether individuals can opt-in or opt-out of any of these uses
- Whether/when data may be shared and whether there is opt-in or opt-out
- Policies for periodic purging of collected data
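Each item in that list corresponds to an element of a P3P policy: ENTITY carries the contact information, ACCESS the answer to whether individuals can see their data, DISPUTES-GROUP the dispute channels, and each STATEMENT pairs a DATA-GROUP with its PURPOSE, RECIPIENT and RETENTION, with opt-in or opt-out recorded in the required attribute. The following added example (not the book's code, nor any P3P tool's) constructs one policy file holding a careful policy and a sloppy one, reduces a policy to the kind of summary a user agent's privacy report displays, and lints it for missing mandatory elements and for purposes or recipients that give the user no choice. The site name, URLs, policy names and the no-choice house rule are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"   # P3P 1.0 namespace


def _q(tag):
    return f"{{{P3P_NS}}}{tag}"


def _name(elem):
    """Local name of an element, e.g. 'stated-purpose'."""
    return elem.tag.split("}", 1)[1]


# Constructed policy file for the hypothetical site www.example.com.
# "general" fills in every element from the list above; "sloppy" omits
# RETENTION and offers no choice on telemarketing or third-party sharing.
POLICY_FILE = f"""<POLICIES xmlns="{P3P_NS}">
  <POLICY name="general" discuri="http://www.example.com/privacy.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Example Corp</DATA>
        <DATA ref="#business.contact-info.online.email">privacy@example.com</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><nonident/></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="service" service="http://www.example.com/privacy.html"
                short-description="Write to our privacy office">
        <REMEDIES><correct/></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><current/><admin/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/><DATA ref="#dynamic.http"/></DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><contact required="opt-in"/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><business-practices/></RETENTION>
      <DATA-GROUP><DATA ref="#user.home-info.online.email"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
  <POLICY name="sloppy" discuri="http://www.example.com/privacy.html">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Corp</DATA></DATA-GROUP></ENTITY>
    <ACCESS><none/></ACCESS>
    <STATEMENT>
      <PURPOSE><telemarketing/></PURPOSE>
      <RECIPIENT><unrelated/></RECIPIENT>
      <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>"""


def _policy(policies_xml, name):
    for p in ET.fromstring(policies_xml).findall(_q("POLICY")):
        if p.get("name") == name:
            return p
    raise KeyError(name)


def _choices(parent, tag):
    """[(name, required)] for the children of parent/tag; 'always' when no required attribute."""
    group = parent.find(_q(tag))
    return [] if group is None else [(_name(c), c.get("required", "always")) for c in group]


def summarize_policy(policies_xml, name):
    """Reduce a POLICY to what a privacy report shows: who collects, what access is
    offered, how disputes are handled, and per statement which data goes to which
    purposes and recipients, for how long, and with what user choice."""
    policy = _policy(policies_xml, name)
    access = policy.find(_q("ACCESS"))
    statements = []
    for st in policy.findall(_q("STATEMENT")):
        retention = st.find(_q("RETENTION"))
        statements.append({
            "purposes": _choices(st, "PURPOSE"),
            "recipients": _choices(st, "RECIPIENT"),
            "retention": None if retention is None else _name(retention[0]),
            "data": [d.get("ref").lstrip("#") for d in st.iter(_q("DATA"))],
        })
    return {
        "discuri": policy.get("discuri"),
        "entity": {d.get("ref").lstrip("#"): (d.text or "").strip()
                   for d in policy.find(_q("ENTITY")).iter(_q("DATA"))},
        "access": None if access is None else _name(access[0]),
        "disputes": [(d.get("resolution-type"), d.get("service")) for d in policy.iter(_q("DISPUTES"))],
        "statements": statements,
    }


OPERATIONAL_PURPOSES = {"current", "admin", "develop"}


def lint_policy(policies_xml, name):
    """Problems with a POLICY: mandatory elements missing (P3P 1.0 structure), and, as a
    house rule assumed for this example rather than a spec requirement, any purpose
    beyond running the site or any recipient other than the site itself that gives
    the user no opt-in or opt-out."""
    policy = _policy(policies_xml, name)
    problems = []
    for tag in ("ENTITY", "ACCESS"):
        if policy.find(_q(tag)) is None:
            problems.append(f"{name}: missing {tag}")
    for i, st in enumerate(policy.findall(_q("STATEMENT"))):
        # Unless the statement is marked NON-IDENTIFIABLE, these four are required.
        if st.find(_q("NON-IDENTIFIABLE")) is None:
            for tag in ("PURPOSE", "RECIPIENT", "RETENTION", "DATA-GROUP"):
                if st.find(_q(tag)) is None:
                    problems.append(f"{name} statement {i}: missing {tag}")
        for purpose, required in _choices(st, "PURPOSE"):
            if purpose not in OPERATIONAL_PURPOSES and required == "always":
                problems.append(f"{name} statement {i}: purpose {purpose} offers no choice")
        for recipient, required in _choices(st, "RECIPIENT"):
            if recipient != "ours" and required == "always":
                problems.append(f"{name} statement {i}: recipient {recipient} offers no choice")
    return problems
```

The lint is deliberately split: the first check is what a validator enforces, the second is a review rule a privacy office might adopt, since a policy can be perfectly well-formed and still tell the user that their telephone number goes to unrelated parties with no way to decline.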
A variety of software tools are available to assist web site developers in P3P-enabling their sites. Some of these are described later in this book; however, for the most up-to-date lists of P3P tools, see http://p3ptoolbox.org/tools/ and http://www.w3.org/P3P/implementations/.