P3P 1.0 Implementation Report

The following implementation reports were submitted to the P3P Specification Working Group by P3P implementers in November 2001. They have been edited slightly and reformatted following discussions between the implementers and the working group.

EC Joint Research Center P3P Research Platform

Contact person: Giles Hogben (giles.hogben@jrc.it)

Public web site: http://p3p.jrc.it/

Type of implementation: User agent

Description: The JRC P3P user agent is a P3P/APPEL enabled proxy application which implements P3P either a) as a personal proxy (running on the client's machine), or b) as a remote proxy. The proxy P3P engine mediates all requests through an APPEL evaluation engine. Authenticated user management is included. The user is authenticated at the beginning of a browsing session and this is tracked throughout the session. (Authentication is currently required only in the REMOTE PROXY implementation. In the PERSONAL PROXY implementation authentication is not required.) The APPEL component is written in Java 1.3 and has been tested on Windows 2000, NT and Linux. The P3P proxy is written in Java 1.3 and has been tested on Windows 2000 and NT although it is expected to work on Linux. It also includes a configuration script which is able to configure Internet Explorer and return it to its original state. This script is contained in a shortcut which therefore acts as a "privacy button." The proxy can work with any browser which can be configured with a local or remote proxy. The application implements the APPEL 1.0 specification, in its latest form (except for optional elements behaviour and CDATA node handling). It includes prompt handling and limited behavior. The application will be distributed from a web site which aims to educate consumers and business users about P3P. The application will be distributed as a stand alone application for personal or remote use, and the remote application will be available as a service from a JRC server. The package will include an APPEL ruleset editor, which is and links to a policy editor, such as the IBM policy editor.

Exit criteria: The JRC implementation is a P3P user agent implementation integrated into an HTTP user agent capable of fetching HTML files that includes all of the functionality required and recommended by this specification.

Spec compliance: The implementation complies with all the MUSTs and SHOULDs in the specification. It does not deal with compact policies (not required or recommended).

Internet Explorer 6

Contact person: Aaron Goldfeder <aarong@microsoft.com>

Public web site: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpriv/html/ie6privacyfeature.asp.

Type of implementation: User agent

Description: Internet Explorer 6 (IE 6) is a web browsing update for Windows 98/ME/NT/2000 and a feature of Windows XP. IE 6 implements P3P to provide cookie filtering based on privacy preferences and provides increased user awareness and empowerment. The cookie filtering takes place by applying user preferences to compact policies (or lack thereof) to make decisions on how to handle cookies. There are 6 provided preference settings to choose from as well as an import mechanism for configuring privacy preferences. When a nontrivial action is taken on a cookie (e.g. block, suppress, downgrade to session) a privacy icon will display. Clicking on this icon brings up a dialog showing URLs for all of the components of the current web page. Clicking these URLs will bring up a friendly, human readable version of the associated full P3P policy, and options for how to handle cookies from that site.

Exit criteria: IE 6 implements most of the required functionality (we have not listed which of the recommended functionality IE6 implements). Notably it implements the compact policies feature.

Spec compliance: Fetching and processing full P3P policies is a user initiated action and as such requirements on the fetching and processing of a P3P policy apply only as a user initiates this action. IE 6 has implemented the requirements of the specification with exceptions as noted below and including possible defects. “User agents MUST accordingly interpret COOKIE-INCLUDE and COOKIE-EXCLUDE elements in a policy reference file to determine the policy that applies to cookies.” As IE 6 was completed and shipped before COOKIE-INCLUDE was finalized it was only possible to support the spec for associating compact policies with cookies and not full policies as this MUST requires. Given the above, the requirement "In addition, user agents MUST use only non-expired policies and policy reference files when evaluating new set-cookie events." is not applicable for full policy handling.

5.5 and 5.6 IE 6 does not make any processing decisions based upon any referenced data elements and is thus not ‘aware’ of the base data schema in that sense. “Aware” is arguably too vague of a requirement.

5.7 When IE 6 renders a policy in its friendly, human readable format, if the policy author places an incorrect category in the policy, IE 6 will render that to the user. Since the entire paradigm of P3P rests upon good intent and correct P3P authoring, this is not effectively an issue for users. However it does violate the following requirement: “User Agents MUST ignore such categories and instead use the original category (or set of categories) listed in the schema definition.” Also IE 6 does not report data elements in the human-readable policy format other than dynamic.misc data. We are mostly certain, but not 100% sure, that we implement the escaping requirements correctly for wildcards in policy reference files.

AT&T WorldNet Privacy Tool

Public web site: http://privacy.research.att.com/

Contact person: Lorrie Cranor (lorrie@att.com)

Type of implementation: User agent

Description: The AT&T WorldNet Privacy Tool is a browser helper object for IE5.01/5.5/6.0 on Win98/2000/ME/NT/XP. It adds a "little bird" icon to the browser title bar. The icon turns yellow at sites that are not P3P-enabled, green at sites that match the user's preferences, and red at sites that do not match the user's preferences. The user can click on the bird to configure preferences or get a policy summary. At sites that do not match the user's preferences, the policy summary includes specific reasons why the mismatch occurred. The software also checks for embedded content and provides an indication at sites that match user's preferences but contain embedded content that does not. Users can request policies for embedded content as well. The software currently does not perform any filtering or cookie blocking functions.

Exit criteria: Very close to satisfying milestone 1, a user agent capable of fetching HTML files that includes all of the functionality required and recommended by the specification. (See below for deficiencies).

Spec compliance: Our current version (Beta 1.0.4) appears to satisfy all the MUSTs and SHOULDs in the spec with the following exceptions:

2.2 "if user agents support retrieving HTML content over HTTP, they MUST handle all three mechanisms listed above interchangeably." Our software mostly does this. However, we are not able to use the header method to find the policy reference files associated with form submissions (POST requests or GET requests containing a ?).

2.2.2 We currently do not properly handle 300-class HTTP redirects when requesting policy reference files. We are looking into fixing this.

2.4.3 We currently do not do any special handling for the safe zone. In particular, we do not suppress cookies or referer header for safe zone requests.

3.2 We currently do not do sufficient syntax checks to make sure the software will act according to the user's preferences. We intend to add DTD validation before comparing policies to user preferences.

Note, we do not handle compact policies at all (section 4). This is neither required nor recommended, however.

W3C P3P Validator

Public web site: http://www.w3.org/P3P/validator.html

Contact person: Yuichi Koike (yuichi@mmp.cl.nec.co.jp)

Type of implementation: Site Validation Tool

Description: The W3C P3P Validator is a web-based tool. It checks whether a web site is correctly implementing the P3P standard. The validation process includes both protocol and file validation. In the protocol validation process, the validator checks if the site provides the location of the policy reference file by using either well-known location file, HTTP header, or HTML head element. In the file validation process, the validator tests the syntax of policy and policy reference files against the P3P XML schema definition. It also checks the syntax of the compact policy. Then, it checks if all base data elements used in the policy are valid. Finally, it checks hyper-links embedded in the policy.

Exit criteria: Since the P3P validator is neither a user agent nor a policy generator, it has nothing to do with the exit criteria. However, almost all functions required for the user agents are implemented in, or supported by, the validator.

Spec compliance: The current version satisfies all the relevant MUSTs in the spec.

IBM P3P Policy Editor

Public web site: http://www.alphaworks.ibm.com/tech/p3peditor

Contact Person: Martin Presler-Marshall (mpresler@us.ibm.com)

Description: The IBM P3P Policy Editor is a graphical editor for P3P policies. It allows someone creating a P3P policy to focus on the content of the policy, not its syntax. The editor can be used to build a policy from scratch, customize a policy from a template, or edit an existing policy. The editor can also distill the P3P policy into a compact policy representation, and can generate a policy reference file.

Exit Criteria: The IBM P3P Policy Editor provides exit criteria 3 and 4 as listed in the P3P specification.

Spec Compliance: The IBM P3P Policy Editor version Beta 1.9 appears to be fully compliant with the P3P1.0 specification.

Other Notes:

  1. Note that the IBM P3P Policy Editor allows creating and saving files which are not in compliance with the specification. This is a design goal to allow the user to save a "work in progress".
  2. Requirements regarding multiple languages (2.4.2) are handled by the Webserver itself.
  3. 3.2.4: The IBM P3P Policy Editor only supports creating or editing certain data elements in the <ENTITY> description. The specification does not list any data elements as being required, so this is not a violation of the specification.
  4. The IBM P3P Policy Editor has defined an optional P3P extension with the namespace http://www.software.ibm.com/P3P/editor/extension-1.0.html. Any other optional extensions will be discarded when editing an existing policy.
  5. The IBM P3P Policy Editor does not recognize any mandatory extensions.
  6. The IBM P3P Policy Editor cannot transform a compact policy to a full policy.
  7. As the IBM P3P Policy Editor is currently beta software (see the IBM alphaWorks license agreement for more details), it may contain bugs or other problems. This may include additional violations of the specification not listed above.

last revised $Date: 2002/03/04 10:16:04 $ by $Author: koike $