Web Privacy with P3P

Description

Web site developers balance their need to collect information about users with their obligation to show respect for their users' privacy. The Platform for Privacy Preferences Project, or P3P, has emerged as a technology that may satisfy the wishes of both parties.

Developed by the World Wide Web Consortium (W3C), P3P gives users more control over the amount of information they disclose about themselves as they browse the Web, and allows web sites to declare to browsers what sort of information they will request of users. The number of web developers using P3P continues to grow. P3P support is now built into the newest browsers, including Microsoft Internet Explorer, Netscape Navigator, and Mozilla.

Web Privacy with P3P explains the P3P protocol and shows web site developers how to configure their sites for P3P compliance. Author Lorrie Faith Cranor, chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and co-author of the P3P1.0 specification, explains the inner workings of the P3P protocol while maintaining a hands-on implementation approach.

Following a foreword by Stanford Law professor Lawrence Lessig, the book begins with an introduction to P3P and an overview of online privacy concerns and the laws governing online privacy. Cranor discusses existing privacy technology, such as encryption tools, filters and identity management tools. Next, the book shows you how to P3P-enable your own site. Among the many topics covered are:

* P3P deployment steps
* P3P policy syntax
* Creating P3P policies
* Creating and referencing policy reference files
* Data schemas Full of examples and case studies, Web Privacy with P3P delivers practical advice and insider tips. Software developers, privacy consultants, corporate decision-makers, lawyers, public policy-makers, and any individual interested in online privacy issues will find this book a necessary reference.

CONTENTS:

Foreword

Preface

Part I. Privacy and P3P

1. Introduction to P3P
      How P3P Works
      P3P-Enabling a Web Site
      Why Web Sites Adopt P3P

2. The Online Privacy Landscape
      Online Privacy Concerns
      Fair Information Practice Principles
      Privacy Laws
      Privacy Seals
      Chief Privacy Officers
      Privacy-Related Organizations

3. Privacy Technology
      Encryption Tools
      Anonymity and Pseudonymity Tools
      Filters
      Identity-Management Tools
      Other Tools

4. P3P History
      The Origin of the Idea
      The Internet Privacy Working Group
      W3C Launches the P3P Project
      The Evolving P3P Specification
      The Patent Issue
      Feedback from Europe
      Finishing the Specification
      Legal Implications
      Criticism

Part II. P3P-Enabling Your Web Site

5. Overview and Options
      P3P-Enabled Web Site Components
      P3P Deployment Steps
      Creating a Privacy Policy
      Analyzing the Use of Cookies and Third-Party Content
      One Policy or Many?
      Generating a P3P Policy and Policy Reference File
      Helping User Agents Find Your Policy Reference File
      Combination Files
      Compact Policies
      The Safe Zone
      Testing Your Web Site

6. P3P Policy Syntax
      XML Syntax
      General Assertions
      Data-Specific Assertions
      The P3P Extension Mechanism
      The Policy File

7. Creating P3P Policies
      Gathering Information About Your Site's Data Practices
      Turning the Information You Gathered into a P3P Policy
      Writing a Compact Policy
      Avoiding Common Pitfalls

8. Creating and Referencing Policy Reference Files
      Creating a Policy Reference File
      Referencing a Policy Reference File
      P3P Policies in Policy Reference Files
      Changing Your P3P Policy or Policy Reference File
      Avoiding Common Pitfalls

9. Data Schemas
      Sets, Elements, and Structures
      Fixed and Variable Categories
      P3P Base Data Schema
      Writing a P3P Data Schema

10. P3P-Enabled Web Site Examples
      Simple Sites
      Third-Party Agents
      Third Parties with Their Own Policies
      Examples From Real Web Sites

Part III. P3P Software and Design

11. P3P Vocabulary Design Issues
      Rating Systems and Vocabularies
      P3P Vocabulary Terms
      What's Not in the P3P Vocabulary

12. P3P User Agents and Other Tools
      P3P User Agents
      Other Types of P3P Tools
      P3P Specification Compliance Requirements

13. A P3P Preference Exchange Language (APPEL)
      APPEL Goals
      APPEL Evaluator Engines
      Writing APPEL Rule Sets
      Processing APPEL Rules
      Other Privacy Preference Languages

14. User Interface
      Case Studies
      Privacy Preference Settings
      User Agent Behavior
      Accessibility
      Privacy

Part IV. Appendixes

A. P3P Policy and Policy Reference File Syntax Quick Reference

B. Configuring Web Servers to Include P3P Headers

C. P3P in IE6

D. How to Create a Customized Privacy Import File for IE6

E. P3P Guiding Principles

Index