Answer: It is a W3C standard on how to specify privacy policies for a web site. The standard has both a human readable part to it, as well as a machine readable part. The standard can be found here: [w3.org], with errata at [w3.org], and other information about it at [w3.org].
Question: Why is it important that I know anything about it?
Answer: IE6 will be supporting a feature that reads the machine readable P3P policy of a web site. Depending on the settings in the options dialog, it may disable certain features of the browser, such as the capability of setting cookies, unless there is a P3P file in place, and the file matches the user's preferences. So unless you implement a P3P policy on your web site, some users may have a bad experience visiting your site.
Question: How can I easily create P3P policies?
Answer: The P3P file specification, and requirements for locating the files are given in the references above. However, I have personally found it difficult to read. There is a deployment guide at [w3.org] that is a somewhat easier guide. There is a free editor available for download from the IBM web site at [alphaworks.ibm.com]. It works, although it is difficult to set up right the first time.
Question: How do I know I did it right?
Answer: There is a validator at [w3.org] that will check out your web site and report any P3P problems.
My question is "what, if anything, do we need to do on OUR domains"?
1. You need to create three files:
a. An HTML description of your policies, say called policy.html
b. A p3p reference file, called p3p.xml
c. A p3p policy file, say called policy.xml
The editor will help you construct the correct syntax and descriptions. Setting up the editor was tricky as you first had to install the Java files from the Sun site. The interface is consistent but a little weird. It gets the job done, and is far easier than working through the p3p spec. I'll try to help with questions about it if anyone has them.
2. Create a directory called /w3c off the root of your domain and locate all three files in that directory.
3. Help user agents find the files. There are three ways that a web browser can use to find the files.
a. By looking for the /w3c directory
b. By looking at the HTTP header
c. By looking at a link tag within the file
It is suggested that you help the web browser with all three techniques. The directory is already done. To do the HTTP header, you need to add a line that makes it look like this:
Call Response.AddHeader("P3P", "policyref=""/w3c/p3p.xml""")
<link rel="P3Pv1" href="/w3c/p3p.xml"></link>
If you have any problems creating the referral file (I did) just edit the example at W3C to the type and number of policies you are using, naming it p3p.xml (as mentioned above in Xoc's post.)
IE6 now finds my P3P document very fast and that little red "cookie-blocked" icon has gone away from user's status bar.
(edited by: keyplyr at 8:55 am (gmt) on Sep. 28, 2001)
Header set P3P "policyref=\"http://www.domain.com/w3c/p3p.xml\""
I should add that you can get the same result as the .htaccess line in IIS, through the IIS Manager dialogs. Find the HTTP header tab and add it there. The main advantage there instead of the <% ASP line is that it covers every file in your web site, not just the .asp files.
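Added example, not part of any post in this thread: a Python check that the three discovery methods described above (the /w3c location, the P3P HTTP header, and the link tag) are all present and point at the same reference file. The function names and the sample response are constructed for illustration, reusing the header and link values quoted in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

WELL_KNOWN = "/w3c/p3p.xml"  # reference file location used in the thread

def policyref_from_header(headers):
    """Return the policyref URI from a P3P response header, or None."""
    for name, value in headers.items():
        if name.lower() == "p3p":  # header names are case-insensitive
            m = re.search(r'policyref\s*=\s*"([^"]*)"', value, re.I)
            return m.group(1) if m else None
    return None

class _LinkFinder(HTMLParser):
    """Records the href of the first <link rel="P3Pv1"> tag."""
    def __init__(self):
        super().__init__()
        self.href = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "p3pv1":
            if self.href is None:
                self.href = a.get("href")

def policyref_from_html(html):
    finder = _LinkFinder()
    finder.feed(html)
    return finder.href

def check_discovery(headers, html, site_paths):
    """Return (found, ok): what each method yields, and whether all three
    are present and point at the same path."""
    found = {
        "well_known": WELL_KNOWN if WELL_KNOWN in site_paths else None,
        "http_header": policyref_from_header(headers),
        "link_tag": policyref_from_html(html),
    }
    paths = {urlsplit(v).path for v in found.values() if v}
    return found, all(found.values()) and len(paths) == 1

# Constructed sample response, using the header and link values from the thread.
SAMPLE_HEADERS = {"P3P": 'policyref="http://www.domain.com/w3c/p3p.xml"'}
SAMPLE_HTML = '<html><head><link rel="P3Pv1" href="/w3c/p3p.xml"></link></head></html>'
SAMPLE_PATHS = {"/w3c/p3p.xml", "/w3c/policy.xml", "/w3c/policy.html"}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_HEADERS, SAMPLE_HTML, SAMPLE_PATHS))
```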