NYCPHP Meetup

[Chris Shiflett]

--- Chris Snyder <chris at psydeshow.org> wrote:
> it was previously written in the list, regarding IE 6
> cookies:
>
> > I had a similar issue, albeit with the domains
> > nyphp.org vs. www.nyphp.org. By the way Chris,
> > that's a great resource (http://www.w3.org/P3P/).
>
> I've just been bitten by an IE6 cookie problem: a
> customer has a Privacy profile in his Internet Options
> that only allows cookies from sites with a "compact
> privacy policy" based on P3P. Well, that's just peachy,
> but it means they can't use my site until I create one
> or they change their settings.
> 
> From looking at that w3.org page and the accompanying
> quickstart, it seems that most of the tools used to
> generate these are proprietary and cost from $50 on up.

I'm not sure what you read, but that is certainly not true.
Making a site P3P compliant is not too difficult, is very
well-documented, and can be done with vi. :-)

I should have been more specific in the URL I gave, but
here are the most important places for implementation:

http://www.w3.org/TR/p3pdeployment - This is a good
document written by the W3C that goes through everything
involved in compliance, including some useful examples.

http://www.w3.org/P3P/validator.html - Like the famous HTML
and CSS validators, the W3C has this P3P validator that can
validate your privacy policy (for proper formatting) or an
entire site.

> IBM's tool appears free, but they also have a "request
> license" link.

There may be tools that try to make things easy for you,
but they are no more necessary for writing privacy policies
than FrontPage is necessary for writing HTML. 

> Has anyone else created P3Ps for their sites?

Not yet, actually, but I researched the topic in detail for
a book I wrote by using sites like http://www.w3.org/ and
http://www.yahoo.com/ as examples, since they are both
compliant.

> And if you need a tool, are there any good open-source
> versions?
> 
> If not, I'd be interested in developing an online,
> form-based tool in PHP that would be available for
> anyone to use and mirror (including the nyphp site).
> Is this a realistic undertaking?

I think it is very realistic and would probably pretty easy
to do, if it doesn't already exist. The only challenge I
can see in P3P compliance is adhering to the proper formats
in the associated XML documents. A PHP tool could use the
latest DTD straight from the W3C Web site (I can't remember
the URL for it off-hand) to create a nice little HTML form
that describes each element and makes things a bit simpler.

Hope that helps.

Chris