Summary of P3P
In short, P3P offers the internet world a way to add control and security to web sites and web browsers. Browsers that support P3P, such as the new IE 6.0, allow users to control how cookies are sent to and stored on the user's PC. Old browsers gave you a flat option of "Allow", "Don't allow" or "Prompt" when a web site wanted to send a cookie. This used to be manageable, but today, with the onslaught of invasions of privacy, pop-up ads and tracking by advertising companies, it has become a real nuisance. Worst of all, you visit one web site and get tons of cookies from many different advertising and people-tracking companies. P3P allows users to control all this on a site-by-site basis. If a web site wants to send cookies, it should have a P3P policy that the browser will honor.
Updated Note:
The new and popular Mozilla Firefox has a different security strategy, which is quite simple in nature - DO ALLOW IT IN THE FIRST PLACE. If you are concerned about the lack of security in the IE browser, we urge you to try the new Mozilla Firefox browser. Not only is it more secure than IE, it is also quite a bit faster than IE in many respects.
How does P3P work?
It is pretty simple.
When you visit a web site, it can send you a cookie. This is called a "First Party" cookie. Cookies that come from other web sites by way of this first web site are called "Third Party" cookies. New browsers are able to block 1st party cookies and/or 3rd party cookies outright. However, you can also set up the browser to follow the web site's P3P policy, if it has one.
So when the user visits a web site, the browser requests the web site's P3P policy, if any. The browser then follows the user's preferences on how to handle the web site's P3P policy.
How does the browser request the P3P policy?
There are 3 methods by which a browser will request the P3P policy:
Adding P3P support to your Wildcat! Web Server
The following will explain how to add a P3P policy to your Wildcat! Server.
At the moment, Wildcat! does not support the P3P "Well-Known Location" and HEADER response methods for publishing (finding) your P3P policy. Wildcat! currently does not allow you to add additional header information to an HTTP response. The "well-known location" method requires the P3P agent to request a special URL, "/w3c/p3p.xml", from the Wildcat! server. In Wildcat!, this is recognized as a private URL, which forces authentication. If the browser requested /public/w3c/p3p.xml all would be fine, but that is not what is being requested.
Both features will be added to Wildcat! in the future. Until then, the solution is to add the following LINK tag to the HEAD portion of your default.htm file, like so:
```html
<head>
<link rel="P3Pv1" href="/public/w3c/p3p.xml">
</head>
```
Next, create the following directory:

```
\wc5\http\public\w3c
```
and now add two files to this directory:
P3P.XML is called the P3P Policy reference file and P3Policy.xml is the P3P policy.
P3P.XML contains the following:
```xml
<META xmlns="http://www.w3.org/2001/09/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/public/w3c/p3p.xml">
      <INCLUDE>/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>
```
P3Policy.XML is more complex, since it describes the P3P policy for your site.
Download this example P3POLICY.XML and edit it for your site, but first see the W3C documentation on creating a P3P policy. W3C also provides the P3P Validator service, which checks whether a web site is compliant with P3P.
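
A deployment check for the setup described above, as an added example that is not part of the original page or of Wildcat!: it reads the LINK tag from default.htm and resolves which POLICY-REF in the reference file covers a requested path. The function names are hypothetical, the sample input is the page's two snippets embedded inline, and the EXCLUDE handling goes beyond the INCLUDE-only file shown here.

```python
import re
from html.parser import HTMLParser
from xml.etree import ElementTree as ET

NS = "{http://www.w3.org/2001/09/P3Pv1}"  # namespace used by P3P.XML
# Constructed sample input: the two snippets from this page, embedded inline.
DEFAULT_HTM = '<head>\n<link rel="P3Pv1" href="/public/w3c/p3p.xml">\n</head>'
P3P_XML = """<META xmlns="http://www.w3.org/2001/09/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/public/w3c/p3p.xml">
   <INCLUDE>/*</INCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>"""

class _LinkFinder(HTMLParser):
    """Collects href values of <link rel="P3Pv1"> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "p3pv1" and a.get("href"):
            self.hrefs.append(a["href"])

def find_policy_ref_link(html):
    """Return the policy reference URL advertised by the LINK tag, or None."""
    finder = _LinkFinder()
    finder.feed(html)
    return finder.hrefs[0] if finder.hrefs else None

def _matches(pattern, path):
    # In INCLUDE/EXCLUDE patterns, '*' matches any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path) is not None

def policy_for(path, ref_xml):
    """Return the 'about' URI of the first POLICY-REF covering path, else None."""
    root = ET.fromstring(ref_xml)
    for ref in root.iter(NS + "POLICY-REF"):
        inc = [e.text.strip() for e in ref.findall(NS + "INCLUDE") if e.text]
        exc = [e.text.strip() for e in ref.findall(NS + "EXCLUDE") if e.text]
        if any(_matches(p, path) for p in inc) and not any(_matches(p, path) for p in exc):
            return ref.get("about")
    return None
```

In the P3P 1.0 specification the `about` attribute identifies the policy itself, so confirm that the value `policy_for` returns is the file you intend browsers to fetch as the policy.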