Wednesday, July 27, 2005

What is P3P?

P3P is the Platform for Privacy Preferences Project. It was developed by the W3C (World Wide Web Consortium) as a protocol for providing automated privacy information to end users, giving them more control over their own personal information at the web sites they visit.

P3P-enabled websites offer privacy information in a machine-readable format, and P3P-enabled browsers can read this and compare it to the user's own privacy preferences. The protocol standardizes privacy statements and presents them in a format that allows surfers to act on the information they are provided with.

The two main goals of implemented P3P policies are:

* To enable Web sites to present their data-collection practices in a standardized, computer-readable, easy-to-locate manner
* To enable Web users to understand what data will be collected by sites, how that data will be used, and what data and uses they may "opt-out" of or "opt-in" to.

How is it useful?

Web applications usually use cookies to track user information. Internet Explorer (IE) 6.0's default privacy setting treats cookies from framed sites as third-party cookies, and IE 6.0 does not accept third-party cookies. Users who set their IE 6.0 privacy settings to High lose access to such sites and have to customize the privacy settings to regain it. Having to change privacy settings can really annoy users.

To avoid such issues, sites that use cookies can implement P3P policies and publish them on the site. The policy describes the kinds of cookies the site uses and the data collected from the user. Once the policy is in place, when a user accesses the site, the user's privacy settings are matched against the policy deployed on the site. A handshake is done, and if the user's privacy settings match the policy hosted on the site, the user is allowed to log in to the site. Otherwise the site is shown as blocked. P3P is usually employed by ad servers to serve ads.

How do I implement P3P on my site?

First, you need a privacy statement for your site that surfers can read, or you can use the HTML privacy statement that is generated with the IBM P3P editor. Policies can also be created with P3PDeveloper.

The P3P Editor will create four files: a policy file written in XML, a reference file written in XML, a compact policy, and an HTML version of the privacy statement. You can use the HTML version as your site's privacy statement if you don't wish to reference your site's current privacy statement, or if your site doesn't have one. Compact policy settings can additionally be configured in IIS on the custom header tab.

Along with the policy file, a legal document page is also created with information about the legal implications of the site. The generated policy file can then be deployed along with the legal document on the web site. Users can view the policy by opening the privacy report in IE for the page with the posted policy information.
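
Before deploying the compact policy as a custom header, it is worth checking that the header value is well formed. The following is an added example, not part of the original post and not output of the IBM editor: it parses a `P3P` header value and checks each compact-policy token against the P3P 1.0 vocabulary. The function names, the sample header value and the completeness check are assumptions of this example.

```python
import re

# Compact-policy tokens from the P3P 1.0 specification, grouped by element.
CP_TOKENS = {
    "access": "NOI ALL CAO IDC OTI NON",
    "disputes": "DSP",
    "remedies": "COR MON LAW",
    "non-identifiable": "NID",
    "purpose": "CUR ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "recipient": "OUR DEL SAM UNR PUB OTR",
    "retention": "NOR STP LEG BUS IND",
    "categories": "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC",
    "test": "TST",
}
GROUP_OF = {tok: grp for grp, toks in CP_TOKENS.items() for tok in toks.split()}
# Purpose and recipient tokens other than CUR and OUR may carry a consent
# suffix: a = always, i = opt-in, o = opt-out.
SUFFIXABLE = {t for t, g in GROUP_OF.items() if g in ("purpose", "recipient")} - {"CUR", "OUR"}
# Constructed sample header value, not taken from any real site.
SAMPLE = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR ADMa PSAo OUR STP NAV COM"'

def parse_p3p_header(value):
    """Return (policyref, [compact-policy tokens]) from a P3P header value."""
    pairs = re.findall(r'(policyref|CP)\s*=\s*"([^"]*)"', value, re.I)
    fields = {name.lower(): text for name, text in pairs}
    return fields.get("policyref"), fields.get("cp", "").split()

def audit_compact_policy(value):
    """Return ({group: tokens}, [problems]) for one P3P header value."""
    _, tokens = parse_p3p_header(value)
    seen, problems = {}, []
    if not tokens:
        return seen, ["no compact policy (CP) in header"]
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]
        if base not in GROUP_OF or suffix not in ("", "a", "i", "o"):
            problems.append("unknown token: " + tok)
        elif suffix and base not in SUFFIXABLE:
            problems.append("consent suffix not allowed: " + tok)
        else:
            seen.setdefault(GROUP_OF[base], []).append(tok)
    # Completeness heuristic (assumption of this example): a policy that does
    # not declare NID should state purpose, recipient and retention.
    if "non-identifiable" not in seen:
        for grp in ("purpose", "recipient", "retention"):
            if grp not in seen:
                problems.append("missing %s tokens" % grp)
    return seen, problems
```

An empty problem list means only that the header is syntactically valid; whether the tokens truthfully describe the site's data practices still has to be checked against the full XML policy.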

I, myself, have used P3P in one of my recent Projects where we built a 3rd Party Ad Server (I would be willing to discuss 3rd party AdServer in one of my later posts). Have you used P3P in your web applications? Your comments are welcome.

This is a personal blog and I do not speak for my employer.