P3P Policy

Just how hard is it?

         

Nick_W

9:00 pm on Aug 8, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi everyone,

I'd like to put a p3p policy on my new site. Just how tough is it to do?

And does anyone know of an idiot guide to doing one? (just trying to avoid wading through the mountains of academic stuff)

Cheers...

Nick

Nick_W

11:10 am on Aug 9, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<bump>Hasn't anyone done this?</bump>

Nick

TallTroll

11:56 am on Aug 9, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Xoc provided a P3P roadmap here [webmasterworld.com]. A site search for "p3p" throws up 40-odd threads on the subject.

rpking

11:59 am on Aug 9, 2002 (gmt 0)

10+ Year Member



They sure have...

[webmasterworld.com]

I found it best to find a site with a p3p policy, copy and adapt it to suit your needs.

Then run it through the validators mentioned in the thread above.

Answer: it's pretty easy really ;)

Nick_W

12:14 pm on Aug 9, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Great, cheers!

Nick

Dreamquick

12:15 pm on Aug 9, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've done it, validated it, got listed on the site etc. and if you'd like my 2c...

There are utilities which can do this for you and these are listed on the W3C website. If you don't want to get your hands dirty, using a 3rd party application is the best and easiest route.

However if you want to do it yourself...

First of all visit the W3C site. They will have a specification for the P3P files and implementation guides which contain notes about lots of the problems and things you need to think about. The technical documents may not be the most user-friendly things you ever read but they represent the rules - at the end of the day they are what you are going to be validating against.

Next you might want to hit Google for suitable guides - just make sure that they relate to a recent version and not an older document based on an out-dated specification!

If you aren't comfortable working through the W3C material you accessed in the previous step then you will need a guide which walks you through *everything* rather than skipping over certain aspects which were not relevant to themselves.

Lastly, copy three things from a P3P-enabled site which passes validation (I borrowed mine from the MS website since they were the first P3P-enabled site I found at the time).

1) P3P line from the server response header
2) Compact policy P3P (default location is /w3c/p3p.xml but can be overridden by the P3P header)
3) Full policy(s) (the location is defined inside the compact policy)

These are useful in case you need *working* examples, plus if you have a p3p file from a big corporation then you are virtually guaranteed an example of all the types of structures you will ever need (e.g. I am *really* unlikely to be collecting more personal data than MS so they make good templates at times)

Okay now you have components so it's time to either go through your guide or start reading the w3c documentation - personally I chose the W3C documentation.

Obviously every site is different in its requirements when using P3P so direct advice is very hard to give, equally each guide will be different and that only leaves the documentation route...

The W3C documentation and implementation guides are aimed at a technical audience and so you may find yourself reading and re-reading certain parts repeatedly until it sinks in. Don't worry about that, it is just one of those things and it decreases drastically as you get used to the writing style...

The only other advice is to start with a new set of blank files for P3P and then slowly build them up as you go through the material - this ensures you don't end up with large chunks of data just copied from a template which aren't relevant to yourself.

Also when you use the material read *everything* - especially the examples they give, if you get stuck consult the P3P files you downloaded and if they don't help take a look at the relevant section of the schema.

Hope this helps a little, sticky me if you have other questions and I'll try to help if I can.

- Tony
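The three pieces listed in the post above chain together: the P3P response header (or the default /w3c/p3p.xml location) points at an XML file, and that file names the full policies. The sketch below is an added example, not part of the original post; it follows that chain the way a checker would, and the header value, XML and example.com URLs are constructed samples.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"   # P3P 1.0 XML namespace
WELL_KNOWN = "/w3c/p3p.xml"                     # default location if no header overrides it

# Constructed samples, not captured from any real site.
SAMPLE_HEADER = 'policyref="/privacy/p3p.xml", CP="NOI DSP COR NID CUR OUR"'
SAMPLE_REFERENCE_FILE = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="policy.xml#shop"><INCLUDE>/shop/*</INCLUDE></POLICY-REF>
    <POLICY-REF about="/privacy/policy.xml#general"><INCLUDE>/*</INCLUDE></POLICY-REF>
  </POLICY-REFERENCES>
</META>"""


def parse_p3p_header(value):
    """Return (policyref URI or None, list of compact-policy tokens)."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)}
    return fields.get("policyref"), fields.get("cp", "").split()


def reference_file_url(page_url, header_value=None):
    """Absolute URL of the file to fetch: header override, else the default."""
    policyref, _ = parse_p3p_header(header_value or "")
    return urljoin(page_url, policyref or WELL_KNOWN)


def full_policy_urls(reference_xml, reference_url):
    """Absolute URLs of the full policies named by each POLICY-REF 'about'."""
    # For files fetched from sites you do not control, parse with a hardened
    # XML parser (e.g. the defusedxml package) instead of plain ElementTree.
    root = ET.fromstring(reference_xml)
    return [urljoin(reference_url, ref.get("about"))
            for ref in root.iter(P3P_NS + "POLICY-REF")]


if __name__ == "__main__":
    page = "http://www.example.com/shop/index.html"
    ref_url = reference_file_url(page, SAMPLE_HEADER)
    print("compact policy tokens:", parse_p3p_header(SAMPLE_HEADER)[1])
    print("reference file:", ref_url)
    for url in full_policy_urls(SAMPLE_REFERENCE_FILE, ref_url):
        print("full policy:", url)
```

Comparing the URLs this produces with what the validators fetch is a quick way to spot a header that still points at a template's paths.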