User Agent Behavior

The following is a proposal for future work on P3P submitted following the November 2002 Workshop on the Future of P3P


Developers have begun to implement P3P in new versions of their products, mostly web browsers. As with the first version of most products, these efforts have received mixed reviews from users and site operators.

The current implementations have interfered with the functionality of some sites, confused users, and implement different standards. These implementations of P3P have required the developer to make certain decisions regarding what privacy practices to review and what to do if that particular privacy practice is enabled at a site, e.g., does the browser look for cookies that store personally identifiable information on the user's computer and then block them or just downgrade them.

Sites have been enabling P3P, particularly compact policies, and have had difficulties implementing P3P and maintaining functionality in the new user agents. Now functionality is not only limited by the rendering engine of a browser, for example, but also whether the browser will block cookies based on some particular privacy practice.

More consistency between user agents in how P3P is implemented would be helpful to users as their experience on one user agent would be transferable to another and to sites so that they could build the site and develop one consistent privacy policy.


Work on the issues discussed above could, without excluding other ideas, center on the following:

  1. Determining whether some basic recommendations are needed for implementing P3P in user agents; (NOTE: The word "recommendation" is used here only to describe the scope of this effort. The form, e.g., whether recommendations, suggestions, guidelines, a separate specification, or even just a white paper, is an unresolved question.)
  2. Reviewing the experiences of users and site operators with the currently available user agents to determine what areas should be addressed in this conversation; and
  3. Prepare recommendations for developers of user agents to follow when appropriate in implementing P3P.


There has been significant work already done on this topic. Resources are available from developers as wells as governmental regulators and NGOs. In addition, there are probably significant resources available in academia to assist in this effort. Despite the significant resources available, it is expected that reaching consensus on any recommendations would take a substantial amount of work and time. However, no formal recommendations may be required, the discussion itself may be useful to developers of users agents as well as site operators.

Time Frame

The issues here will probably be relatively hard to resolve and the timeframe for any formal recommendations would be significant. However, given previous discussions, it is doubtful that any recommendations coming from this effort would be included in the P3P specification. It would likely be in a separate document instead and allow this work and other work on the specification itself to proceed on different schedules.

Brian Zwit

Last update $Date: 2003/03/17 09:50:38 $ by $Author: rigo $