W3C home > Mailing lists > Public > www-p3p-policy@w3.org > September 2002

Re: [Moderator Action] Apache Syntax Example - IE 6.0 Compatability

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 12 Sep 2002 16:57:10 +0200
To: Ellen Hasenkamp <ellen@residentinteractive.com>
Cc: www-p3p-policy@w3.org
Message-ID: <20020912145710.GP4081@localhost>

On Wed, Sep 11, 2002 at 10:07:34AM -0400, Ellen Hasenkamp wrote:
> thought someone else might benefit from having a syntax example for Apache
> that really, really works.
> Add the following to the Httpd.conf file:
> <Location />
> Header append P3P "policyref=\"../w3c/p3p.xml\", CP=\"IDC DSP COR CURa ADMa
> </Location>

I would like to indicate, that there is a full technical explanation on
how to implement P3P on the server-side in the P3P Deployment Guide:


Please note, that this is only an example for configuration. As the
tokens carry semantics, you risk to carry misleading semantics in the
http-header if you don't obey to the things expressed in the tokens. 
Those here mean you:

IDC  <ident-contact/> (you identify people to contact them later)
DSP COR some dispute resolution thingy and errors will be corrected
CURa is illegal with respect to the Spec (and will therefor only work
     with current IE6) as there is no more attribute on <current/>
ADM  site administration (no opt-out)
DEV  development of the site
TAI  (tailoring of the site)
PSAa (pseudo-analysis, no opt-out (tracking unter some pseudonym like
      IP-address or cookie
OUR  we receive this information
BUS  others with the same business-practice receive that information
IND  we keep your data indefinitely
PHY  we collect physical contact info
ONL  we collect online information
UNI  we collect online uniqueID's
COM  we collect info about your computer
NAV  we collect info about your navigation (aka clickstream)
INT  all interactive information is collected
DEM  also demographic information
CNT  and content information
PRE  and your preferences 
LOC  and your location

It would really surprise me, if this would work with IE6 in the default
setting as it is identifying the individual. 

So Please and Please only declare what you are really doing and don't
forget to provide also a full-policy at the same time (mandatory)

So please, don't use statements from third parties just because they
promise it would work. It may bring you more risk than benefit to do so.
Consider carefully the use of personal data and follow the advices on
the P3P-pages (http://www.w3.org/P3P/) and on http://www.p3ptoolbox.org/
If you experience trouble with implementing P3P on the server-side,
please look at the Server-Implementation-Guide:


Remember that the hardest question in implementing P3P on your site is
to first think about and implement Privacy. The technical stuff is
really less challenging, especially on the server-side.

Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis
Received on Thursday, 12 September 2002 11:08:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:08 UTC