Web Privacy with P3P

O'Reilly Media, Inc., 23.09.2002 - 321 pages

Web site developers balance their need to collect information about users with their obligation to show respect for their users' privacy. The Platform for Privacy Preferences Project, or P3P, has emerged as a technology that may satisfy the wishes of both parties. Developed by the World Wide Web Consortium (W3C), P3P gives users more control over the amount of information they disclose about themselves as they browse the Web, and allows web sites to declare to browsers what sort of information they will request of users. The number of web developers using P3P continues to grow. P3P support is now built into the newest browsers, including Microsoft Internet Explorer, Netscape Navigator, and Mozilla.

Web Privacy with P3P explains the P3P protocol and shows web site developers how to configure their sites for P3P compliance. Author Lorrie Faith Cranor, chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and co-author of the P3P1.0 specification, explains the inner workings of the P3P protocol while maintaining a hands-on implementation approach.

Following a foreword by Stanford Law professor Lawrence Lessig, the book begins with an introduction to P3P and an overview of online privacy concerns and the laws governing online privacy. Cranor discusses existing privacy technology, such as encryption tools, filters and identity management tools. Next, the book shows you how to P3P-enable your own site. Among the many topics covered are:
Contents
Introduction to P3P | 3 |
How P3P Works | 4 |
P3P-Enabling a Web Site | 9 |
The Online Privacy Landscape | 12 |
Fair Information Practice Principles | 22 |
Privacy Laws | 24 |
Privacy Seals | 27 |
Chief Privacy Officers | 28 |
Privacy-Related Organizations | 29 |
Privacy Technology | 30 |
Encryption Tools | 31 |
Anonymity and Pseudonymity Tools | 36 |
Filters | 40 |
Identity-Management Tools | 41 |
P3P History | 43 |
The Internet Privacy Working Group | 45 |
W3C Launches the P3P Project | 46 |
The Evolving P3P Specification | 47 |
The Patent Issue | 51 |
Feedback from Europe | 52 |
Finishing the Specification | 53 |
Legal Implications | 55 |
Criticism | 56 |
Overview and Options | 61 |
P3P Deployment Steps | 63 |
Creating a Privacy Policy | 65 |
Analyzing the Use of Cookies and Third-Party Content | 68 |
One Policy or Many? | 73 |
Generating a P3P Policy and Policy Reference File | 74 |
Helping User Agents Find Your Policy Reference File | 75 |
Combination Files | 76 |
Compact Policies | 77 |
The Safe Zone | 78 |
Testing Your Web Site | 79 |
P3P Policy Syntax | 81 |
General Assertions | 82 |
Data-Specific Assertions | 89 |
The P3P Extension Mechanism | 104 |
The Policy File | 107 |
Creating P3P Policies | 110 |
Turning the Information You Gathered into a P3P Policy | 121 |
Writing a Compact Policy | 128 |
Avoiding Common Pitfalls | 131 |
Creating and Referencing Policy Reference Files | 133 |
144 | |
149 | |
Changing Your P3P Policy or Policy Reference File | 150 |
Avoiding Common Pitfalls | 151 |
Data Schemas | 153 |
Fixed and Variable Categories | 154 |
Writing a P3P Data Schema | 164 |
P3P-Enabled Web Site Examples | 170 |
Third-Party Agents | 179 |
Third Parties with Their Own Policies | 180 |
P3P Vocabulary Design Issues | 191 |
P3P Vocabulary Terms | 195 |
What's Not in the P3P Vocabulary | 201 |
P3P User Agents and Other Tools | 203 |
Other Types of P3P Tools | 207 |
P3P Specification Compliance Requirements | 210 |
A P3P Preference Exchange Language (APPEL) | 214 |
APPEL Evaluator Engines | 216 |
Processing APPEL Rules | 225 |
Other Privacy Preference Languages | 229 |
User Interface | 236 |
Privacy Preference Settings | 254 |
User Agent Behavior | 259 |
Accessibility | 262 |
Privacy | 264 |
P3P Policy and Policy Reference File Syntax Quick Reference | 269 |
Configuring Web Servers to Include P3P Headers | 284 |
P3P in IE6 | 289 |
How to Create a Customized Privacy Import File for IE6 | 301 |
P3P Guiding Principles | 306 |
311 | |
Common terms and phrases
allow users AT&T Privacy Bird attribute base data schema browser browser helper object Chapter Child elements clickstream collect compact policy companies configuration contact information contain cookies create custom custom privacy data elements data practices data set DATA-DEF DATA-GROUP DATA-STRUCT default demograph described developed disclose email address encryption ENTITY example expiry EXTENSION first-party human-readable privacy policy identified data implementations individuals Internet Explorer linked logs non-identifiable Online Privacy optional P3P header P3P policy P3P specification P3P user agents P3P vocabulary P3P-enabled p3p:DATA p3p:STATEMENT Parent element personal information policy and policy POLICY element policy reference file policy summary POLICY-REF privacy laws privacy preferences privacy protection privacy settings purposes recipient request server site's policy site's privacy statement structure syntax telemarketing Third Party's third-party content tion unstructured user interface user's preferences vacy web browser web bugs web server