Microsoft KB Archive/290333

= Description of the Platform for Privacy Preferences (P3P) Project =

Article ID: 290333

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0

-



This article was previously published under Q290333



SUMMARY
This article describes the Platform for Privacy Preferences (P3P) project. P3P is a combined protocol and architecture designed to inform Web users of the data-collection practices of Web sites. Internet Explorer 6 supports the use of P3P version 1 Compact policies by Web sites to report their intended use of cookie information. The Compact policy information is used in combination with user preferences to determine whether Internet Explorer 6 will accept or block cookies from the Web site. The P3P specification and associated documents are located at the following World Wide Web Consortium Web site:

http://www.w3.org

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.



The P3P Specification
The P3P specification defines:
 * A standard schema for data a Web site may want to collect.
 * A standard set of privacy disclosures.
 * A means of associating privacy policies with Web pages and cookies.
 * An XML format for expressing privacy policies.
 * A mechanism for transporting P3P policies over HTTP.

P3P Goals
The two main goals of P3P are:
 * To enable Web sites to present their data-collection practices in a standardized, computer-readable, easy-to-locate manner.
 * To enable Web users to understand what data will be collected by sites, how that data will be used, and what data and uses they may &quot;opt-out&quot; of or &quot;opt-in&quot; to.

P3P Policies
A P3P-compliant Web site encodes its data collection and use practices in a computer-readable XML format known as a P3P policy.

Compact Policies
A Compact policy is a summarized version of a full P3P policy. Compact policies are a performance optimization that allows the user agent to make quick, synchronous decisions about applying policy. P3P version 1 Compact policies contain policy information related to cookies only. The P3P full policy that is summarized by the P3P Compact policy applies to both data stored within the cookie and to data at the Web site that is referenced by the cookie. The Compact policy must represent all of the cookies that are referenced in the P3P full policy.

Note that P3P Compact policies are optional for both user agents and servers. User agents that are unable to obtain enough information from a Compact policy to apply the user's privacy preferences should fetch the full policy.

Compact Policy Scope and Lifetime
When a P3P Compact policy is included in an HTTP response header, it applies to cookies that are set by the current response. This includes cookies set through the use of an &quot;HTTP SET-COOKIE&quot; header or cookies that are set by script. Because Compact policies can apply policy only to cookies that are set in the current response, Compact policies cannot apply policy to cookies from a different namespace.

The P3P policy summarized by the Compact policy must span the lifetime of the cookie. When a server sends a Compact policy, it is asserting that the Compact policy and the corresponding full P3P policy will be in effect for at least the lifetime of the cookie to which it applies.

Keywords: kbinfo kbenv KB290333

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.