Web Privacy with P3P

By Lorrie Faith Cranor

Table of Contents

Foreword ix

Preface xiii

Part I. Privacy and P3P

1. Introduction to P3P 3
How P3P Works 4
P3P Enabling a Web Site 9
Why Web Sites Adopt P3P 10

2. The Online Privacy Landscape 12
Online Privacy Concerns 12
Fair Information Practice Principles 22
Privacy Laws 25
Privacy Seals 28
Chief Privacy Officers 29
Privacy-Related Organizations 29

3. Privacy Technology 31
Encryption Tools 32
Anonymity and Pseudonymity Tools 37
Filters 41
Identity Management Tools 42
Other Tools 43

4. P3P History 44
The Origin of the Idea 44
The Internet Privacy Working Group 46
W3C Launches the P3P Project 47
The Evolving P3P Specification 49
The Patent Issue 52
Feedback From Europe 54
Finishing the Specification 54
Legal Implications 56
Criticism 57

Part II. P3P-Enabling Your Web Site

5. Overview and Options 63
P3P-Enabled Web Site Components 63
P3P Deployment Steps 65
Creating a Privacy Policy 67
Analyzing the Use of Cookies and Third-Party Content 70
One Policy or Many? 75
Generating a P3P Policy and Policy Reference File 76
Helping User Agents Find Your Policy Reference File 78
Combination Files 79
Compact Policies 79
The Safe Zone 81
Testing Your Web Site 82

6. P3P Policy Syntax 83
XML Syntax 83
General Assertions 84
Data-Specific Assertions 92
The P3P Extension Mechanism 107
The Policy File 110

7. Creating P3P Policies 113
Gathering Information About Your Site's Data Practices 113
Turning the Information You Gathered Into a P3P Policy 124
Writing a Compact Policy 131
Avoiding Common Pitfalls 134

8. Creating and Referencing Policy Reference Files 136
Creating a Policy Reference File 136
Referencing a Policy Reference File 147
P3P Policies in Policy Reference Files 152
Changing Your P3P Policy or Policy Reference File 153
Avoiding Common Pitfalls 154

9. Data Schemas 156
Sets, Elements, and Structures 156
Fixed and Variable Categories 157
P3P Base Data Schema 157
Writing a P3P Data Schema 168

10. P3P-Enabled Web Site Examples 173
Simple Sites 173
Third Party Agents 182
Third Parties With Their Own Policies 183
Examples From Real Web Sites 183

Part III. P3P Software and Design

11. P3P Vocabulary Design Issues 193
Rating Systems and Vocabularies 193
P3P Vocabulary Terms 197
What's Not in the P3P Vocabulary 203

12. P3P User Agents and Other Tools 205
P3P User Agents 205
Other Types of P3P Tools 209
P3P Specification Compliance Requirements 212

13. A P3P Preference Exchange Language (APPEL) 216
APPEL Goals 216
APPEL Evaluator Engines 218
Writing APPEL Rule Sets 218
Processing APPEL Rules 228
Other Privacy Preference Languages 232

14. User Interface 239
Case Studies 239
Privacy Preference Settings 258
User Agent Behavior 263
Accessibility 266
Privacy 267

Part IV. Appendixes

A. P3P Policy and Policy Reference File Syntax Quick Reference 271
B. Configuring Web Servers to Include P3P Headers 286
C. P3P in IE6 291
D. How to Create a Customized Privacy Import File for IE6 303
E. P3P Guiding Principles 309

Index 313


Web Privacy with P3P
by Lorrie Faith Cranor
with Foreword by Lawrence Lessig
September 2002
O'Reilly & Associates
ISBN 0-59600-371-4
344 pages, $39.95

http://p3pbook.com/toc.html