Table of Contents
A. Base Data Schema
B. Cookies in Microsoft Internet Explorer 6.0
C. Basic Cookie Operations
A. Base Data Schema
The formal XML definition of the P3P base data schema is given in Appendix 3 of the P3P Specification. In the following sections, taken directly from the P3P Specification as of January 16, 2002, the base data elements and sets are explained one by one.
|Each table below specifies a set, the elements within the set, the category associated with the element, its structure, and the display name shown to users. More than one category may be associated with a fixed data element. However, each base data element is assigned to only one category whenever possible. It is recommended that data schema designers do the same.|
5.6.1 User Data
The user data set includes general information about the user.
|user||Category||Structure||Short display name|
|name||Physical Contact Information, Demographic and Socioeconomic Data||personname||User's Name|
|bdate||Demographic and Socioeconomic Data||date||User's Birth Date|
|login||Unique Identifiers||login||User's Login Information|
|cert||Unique Identifiers||certificate||User's Identity Certificate|
|gender||Demographic and Socioeconomic Data||unstructured||User's Gender (Male or Female)|
|employer||Demographic and Socioeconomic Data||unstructured||User's Employer|
|department||Demographic and Socioeconomic Data||unstructured||Department or Division of Organization where User is Employed|
|jobtitle||Demographic and Socioeconomic Data||unstructured||User's Job Title|
|home-info||Physical Contact Information, Online Contact Information, Demographic and Socioeconomic Data||contact||User's Home Contact Information|
|business-info||Physical Contact Information, Online Contact Information, Demographic and Socioeconomic Data||contact||User's Business Contact Information|
Note that this data set includes elements that are actually sets of data themselves. These sets are defined in the Data Structures subsection of this document. The short display name for an individual element contained within a data set is defined as the concatenation of the short display names that have been defined for the set and the element, separated by a separator appropriate for the language/script in question, e.g. a comma for English. For example, the short display name for user.home-info.postal.postalcode could be "User's Home Contact Information, Postal Address Information, Postal code". User agent implementations may prefer to develop their own short display names rather than using the concatenated names when displaying information for the user.
5.6.2 Third Party Data
The thirdparty data set allows users and businesses to provide values for a related third party. This can be useful whenever third party information needs to be exchanged, for example when ordering a present online that should be sent to another person, or when providing information about one's spouse or business partner. Such information could be stored in a user repository alongside the user data set. User agents may offer to store multiple such thirdparty data sets and allow users to select the appropriate values from a list when necessary.
The thirdparty data set is identical with the user data set. See section 5.6.1 User Data for details.
5.6.3 Business Data
The business data set features a subset of user data relevant for organizations. In P3P1.0, this data set is primarily used for declaring the policy entity, though it should also be applicable to business-to-business interactions.
|business||Category||Structure||Short display name|
|name||Demographic and Socioeconomic Data||unstructured||Organization Name|
|department||Demographic and Socioeconomic Data||unstructured||Department or Division of Organization|
|cert||Unique Identifiers||certificate||Organization Identity Certificate|
|contact-info||Physical Contact Information, Online Contact Information, Demographic and Socioeconomic Data||contact||Contact Information for the Organization|
5.6.4 Dynamic Data
In some cases, there is a need to specify data elements that do not have fixed values that a user might type in or store in a repository. In the P3P base data schema, all such elements are grouped under the dynamic data set. Sites may refer to the types of data they collect using the dynamic data set only, rather than enumerating all of the specific data elements.
|dynamic||Category||Structure||Short display name|
|clickstream||Navigation and Click-stream Data, Computer Information||loginfo||Click-stream Information|
|http||Navigation and Click-stream Data, Computer Information||httpinfo||HTTP Protocol Information|
|clientevents||Navigation and Click-stream Data||unstructured||User's Interaction with a Resource|
|cookies||(variable-category)||unstructured||Use of HTTP Cookies|
|miscdata||(variable-category)||unstructured||Miscellaneous Non-base Data Schema Information|
|searchtext||Interactive Data||unstructured||Search Terms|
|interactionrecord||Interactive Data||unstructured||Server Stores the Transaction History|
These elements are often implicit in navigation or Web interactions. They should be used with categories to describe the type of information collected through these methods. A brief description of each element follows.
- The clickstream element is expected to apply to practically all Web sites. It represents the combination of information typically found in Web server access logs: the IP address or hostname of the user's computer, the URI of the resource requested, the time the request was made, the HTTP method used in the request, the size of the response, and the HTTP status code in the response. Web sites that collect standard server access logs as well as sites which do URI path analysis can use this data element to describe how that data will be used. Web sites that collect only some of the data elements listed for the clickstream element MAY choose to list those specific elements rather than the entire dynamic.clickstream element. This allows sites with more limited data-collection practices to accurately present those practices to their visitors.
- The http element contains additional information contained in the HTTP protocol. See the definition of the httpinfo structure for descriptions of specific elements. Sites MAY use the dynamic.http field as a shorthand to cover all the elements in the httpinfo structure if they wish, or they MAY reference the specific elements in the httpinfo structure.
- The cookies element should be used whenever HTTP cookies are set or retrieved by a site. Please note that cookies is a variable data element and requires the explicit declaration of usage categories in a policy.
- The miscdata element references information collected by the service that the service does not reference using a specific data element. Categories have to be used to better describe these data: sites MUST reference a separate miscdata element in their policies for each category of miscellaneous data they collect.
- The searchtext element references a specific type of solicitation used for searching and indexing sites. For example, if the only fields on a search engine page are search fields, the site only needs to disclose that data element.
- The interactionrecord element should be used if the server is keeping track of the interaction it has with the user (i.e. information other than clickstream data, for example account transactions, etc).
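The rules just listed (every DATA reference must name a base data element, the variable-category elements dynamic.cookies and dynamic.miscdata must carry explicit categories, and one miscdata reference is needed per category) are easy to check mechanically. The following validator is an added example written for this page, not code from the P3P specification or any P3P tool; its SCHEMA table is a transcription of the user, thirdparty, business and dynamic tables above only, so nested structure elements such as user.home-info.postal.postalcode are deliberately reported as out of scope, and the policy fragment it runs on is constructed.

```python
"""Check the <DATA ref="..."> references of a P3P policy fragment against the
base data schema tables above.  Added example for this page, not code from the
P3P specification: SCHEMA transcribes only the user, thirdparty, business and
dynamic sets shown here, so nested structure elements (user.home-info.postal.*)
are deliberately out of scope."""
import xml.etree.ElementTree as ET

# Category identifiers are the P3P XML category element names
# (physical = Physical Contact Information, online = Online Contact
# Information, uniqueid = Unique Identifiers, demographic = Demographic and
# Socioeconomic Data, navigation = Navigation and Click-stream Data,
# computer = Computer Information, interactive = Interactive Data).
# None marks a variable-category element that needs explicit categories.
USER = {
    "name": ({"physical", "demographic"}, "User's Name"),
    "bdate": ({"demographic"}, "User's Birth Date"),
    "login": ({"uniqueid"}, "User's Login Information"),
    "cert": ({"uniqueid"}, "User's Identity Certificate"),
    "gender": ({"demographic"}, "User's Gender (Male or Female)"),
    "employer": ({"demographic"}, "User's Employer"),
    "department": ({"demographic"}, "Department or Division of Organization where User is Employed"),
    "jobtitle": ({"demographic"}, "User's Job Title"),
    "home-info": ({"physical", "online", "demographic"}, "User's Home Contact Information"),
    "business-info": ({"physical", "online", "demographic"}, "User's Business Contact Information"),
}
BUSINESS = {
    "name": ({"demographic"}, "Organization Name"),
    "department": ({"demographic"}, "Department or Division of Organization"),
    "cert": ({"uniqueid"}, "Organization Identity Certificate"),
    "contact-info": ({"physical", "online", "demographic"}, "Contact Information for the Organization"),
}
DYNAMIC = {
    "clickstream": ({"navigation", "computer"}, "Click-stream Information"),
    "http": ({"navigation", "computer"}, "HTTP Protocol Information"),
    "clientevents": ({"navigation"}, "User's Interaction with a Resource"),
    "cookies": (None, "Use of HTTP Cookies"),
    "miscdata": (None, "Miscellaneous Non-base Data Schema Information"),
    "searchtext": ({"interactive"}, "Search Terms"),
    "interactionrecord": ({"interactive"}, "Server Stores the Transaction History"),
}
# The thirdparty set is identical to the user set (5.6.2).
SCHEMA = {"user": USER, "thirdparty": USER, "business": BUSINESS, "dynamic": DYNAMIC}


def validate_data_refs(policy_xml):
    """Return (problems, resolved): problems is a list of error strings, resolved a
    list of (ref, categories, short display name) for every acceptable reference."""
    problems, resolved = [], []
    for data in ET.fromstring(policy_xml).iter("DATA"):
        ref = data.get("ref", "")
        declared = {cat.tag for cats in data.findall("CATEGORIES") for cat in cats}
        parts = ref.lstrip("#").split(".")
        if len(parts) != 2 or parts[1] not in SCHEMA.get(parts[0], {}):
            problems.append(f"{ref}: not a base data element of this (top-level only) schema")
            continue
        fixed, name = SCHEMA[parts[0]][parts[1]]
        if fixed is None and not declared:
            problems.append(f"{ref}: variable-category element must declare CATEGORIES")
            continue
        if parts[1] == "miscdata" and len(declared) > 1:
            problems.append(f"{ref}: reference a separate miscdata element per category")
            continue
        resolved.append((ref, fixed if fixed is not None else declared, name))
    return problems, resolved


# Constructed policy fragment (P3P namespace omitted to keep the example short).
SAMPLE_POLICY = """<DATA-GROUP>
  <DATA ref="#user.bdate"/>
  <DATA ref="#thirdparty.name"/>
  <DATA ref="#dynamic.cookies"><CATEGORIES><uniqueid/></CATEGORIES></DATA>
  <DATA ref="#dynamic.miscdata"/>
  <DATA ref="#dynamic.miscdata"><CATEGORIES><preference/><location/></CATEGORIES></DATA>
  <DATA ref="#user.nickname"/>
</DATA-GROUP>"""

if __name__ == "__main__":
    problems, resolved = validate_data_refs(SAMPLE_POLICY)
    for line in problems:
        print("ERROR", line)
    for ref, cats, name in resolved:
        print("OK   ", ref, sorted(cats), "->", name)
```

Run as a script, the constructed fragment yields three errors (the bare miscdata reference, the miscdata reference carrying two categories, and the unknown user.nickname) and three resolved references, with thirdparty.name inheriting the categories of user.name.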
B. Cookies in Microsoft Internet Explorer 6.0
Microsoft has incorporated an implementation of P3P in its newest Web browser, Internet Explorer 6.0. At its most basic level, Internet Explorer 6.0 enables users to manage their privacy by giving them control over cookies based on the stated purpose of the cookie. This enables users to determine which Web sites they share information with and how those sites use that information.
Internet Explorer 6.0 does this by comparing the cookie's machine-readable compact policy with the user's privacy settings. If the settings do not match, or the cookie does not have a compact policy, the cookie is either restricted or blocked (the cookie actions are defined below).
|Definitions: Cookie Actions in IE 6.0|
|Accepted||Cookie was accepted but might be leashed|
|Restricted||Cookie was accepted but downgraded to a session cookie|
|Blocked||Cookie was either suppressed or rejected|
|Definitions: Key Terms in IE 6.0 Privacy Settings|
|PII||Personally identifiable information, such as name, address, etc.|
|Non-Identifiable Information||Data is seen as non-identifiable in the sense of the present P3P specification if there is no reasonable way for the entity or a third party to attach the collected data to the identity of a natural person.|
|First Party Cookies||Cookies that are placed on the user's computer by the host domain of the Web site the user is visiting|
|Third Party Cookies||Cookies placed on the user's computer by any domain other than the host of the Web site the user is visiting|
|Persistent Cookies||Cookies that are discarded when they reach their defined expiration time|
|Session Cookies||Cookies that do not have a specific expiration time and are discarded when IE is closed|
|Downgraded Cookies||A persistent cookie that is discarded when the session ends or at the expiration time, whichever comes first|
|Leashed Cookies||Cookies sent only on requests for first party content. When requests for third party content are made, these cookies are suppressed|
Microsoft has set the Medium privacy level as the default when Internet Explorer is distributed. At this default setting, Microsoft has drawn a line to distinguish between satisfactory and unsatisfactory cookies. An unsatisfactory cookie contains or allows access to personally identifiable information that is used for unstated purposes or provided to recipients without user consent (the Unsatisfactory Cookie Rule). This means that Internet Explorer 6.0 checks whether a compact policy's purposes (e.g. IVD and OTP) and recipients (e.g. OTR) include opt-in or opt-out options for users (e.g. IVDo, OTPi, and OTRo).
The following chart summarizes the impact of IE 6 on cookies under the default user setting of Medium.
|Cookie Type||Task||"Medium" Privacy setting||Implications for Compact Policy|
|First Party||Visited Web Site||If a first party cookie does not have a compact policy at all, then it will be restricted. If a first party cookie has a compact policy and the policy violates the unsatisfactory cookie rule, then it will be restricted.||a) If the site relies on the use of persistent cookies, then it should definitely deploy compact policies. b) If the organization offers users a way to opt out of having their PII used for unstated purposes or disclosed to third parties, be sure to include the corresponding opt-out suffixes (e.g. IVDo, OTRo) as appropriate within the compact policy.|
|First Party||User Experience||If a cookie has been restricted, a Web site will not be able to use information for Web ads, tracking, etc. once the user leaves the site.|| |
|Third Party||Visited Web Site||Blocks cookies without compact policies. Blocks cookies that ask for PII without the user's implicit consent.||a) If the site relies on the use of third party cookies, then it should deploy compact policies with the third party cookies that it controls and require its third party vendors that set cookies to implement P3P compact policies as well. b) Third party cookies will be accepted only if one of the following is true: 1) the cookie collects or associates only non-identifiable information (represented by use of the NOI code within the compact policy); or 2) the cookie does collect or associate with PII, but only after the user provides implicit consent, represented by attaching i to each purpose and recipient.|
|Third Party||User Experience||Any display or function requiring third party cookies that do not have compact policies will be blocked.|| |
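The chart's decisions can be expressed as a small classifier over the CP token string, which is a useful check for anyone deploying a compact policy: feed it the header a server actually emits and see whether a first-party or third-party cookie carrying it would be accepted, restricted or blocked at the Medium setting. The following is an added example written for this page, not Microsoft's implementation: it models only the rules stated in the chart, it treats the PHY, ONL and GOV categories (the ones Appendix C of this page singles out) as PII, which is an assumption, and the header values it runs on are constructed.

```python
"""How a P3P compact policy (the CP token string in the P3P response header)
fares under Internet Explorer 6.0's default Medium setting, following the
chart above.  Added example: the decision logic is a simplified model written
for this page, not Microsoft's implementation, and the set of categories
treated as PII is an assumption."""
import re
from enum import Enum


class Action(Enum):
    ACCEPTED = "accepted"
    RESTRICTED = "restricted"   # downgraded to a session cookie
    BLOCKED = "blocked"


# Compact-policy tokens from P3P 1.0.  Assumption for this model: the
# categories that count as PII are the physical, online and government
# contact categories that Appendix C of this page singles out.
PII_CATEGORIES = {"PHY", "ONL", "GOV"}
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD",
            "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
# CUR and OUR carry no opt-in/opt-out attribute in P3P, so they need no suffix.
NO_CONSENT_NEEDED = {"CUR", "OUR"}


def parse_compact_policy(header):
    """Return the CP tokens of a P3P header value, or None if it has no compact policy."""
    if header is None:
        return None
    match = re.search(r'CP\s*=\s*"([^"]*)"', header)
    return match.group(1).split() if match else None


def split_token(token):
    """'IVDo' -> ('IVD', 'o'); 'NOI' -> ('NOI', '')."""
    return token[:3].upper(), token[3:].lower()


def consent_missing(tokens, accepted_suffixes):
    """True when the policy covers PII and some purpose or recipient that needs
    consent carries none of the accepted suffixes ('i' opt-in, 'o' opt-out)."""
    bases = {split_token(t)[0] for t in tokens}
    if "NOI" in bases or not (bases & PII_CATEGORIES):
        return False  # nothing identifiable is collected, so consent is moot
    needs_consent = (PURPOSES | RECIPIENTS) - NO_CONSENT_NEEDED
    return any(base in needs_consent and suffix not in accepted_suffixes
               for base, suffix in map(split_token, tokens))


def medium_setting(header, third_party):
    """Action IE 6.0's Medium setting takes on a cookie, per the chart above."""
    tokens = parse_compact_policy(header)
    if third_party:
        if tokens is None:
            return Action.BLOCKED
        # third-party cookies need consent shown by an 'i' on each purpose and recipient
        return Action.BLOCKED if consent_missing(tokens, {"i"}) else Action.ACCEPTED
    if tokens is None:
        return Action.RESTRICTED
    # first party: the unsatisfactory cookie rule; an opt-out ('o') is enough
    return Action.RESTRICTED if consent_missing(tokens, {"i", "o"}) else Action.ACCEPTED


if __name__ == "__main__":
    # Constructed header values, not captured from any site.
    cases = [
        (None, False), (None, True),
        ('CP="NOI DSP COR NID CUR OUR"', True),
        ('CP="PHY ONL IVD OTP OTR OUR CUR"', False),
        ('CP="PHY ONL IVDo OTPo OTRo OUR CUR"', False),
        ('CP="PHY ONL IVDo OTPo OTRo OUR CUR"', True),
        ('CP="PHY ONL IVDi OTPi OTRi OUR CUR"', True),
    ]
    for header, third_party in cases:
        party = "third" if third_party else "first"
        print(f"{party}-party {header!r}: {medium_setting(header, third_party).value}")
```

The two suffix sets are the whole difference between the rows of the chart: a first-party cookie survives on an opt-out ('o'), while a third-party cookie that touches PII is blocked unless every purpose and recipient carries the opt-in 'i', and a policy marked NOI passes in both cases because it declares that nothing identifiable is collected.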
In those cases where a cookie does not match the user's privacy settings, the user is notified by the privacy icon, an eyeball with a European "do not enter" sign, in the browser's bottom-left icon tray. By clicking on this icon, users can see which cookies were blocked, whether the sites have P3P privacy statements and, if so, what these statements are.
Figure: The Privacy Report
For a more detailed description of the Microsoft implementation of P3P, see Microsoft's Internet Explorer developers' Web site at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpriv/html/ie6privacyfeature.asp
C. Basic Cookie Operations
What happens when the P3P-compliant site http://www.example.com sets a unique domain-level cookie?
- www.example.com is P3P compliant and operated under the entity Example, Inc.
- www.example.com sets/logs a persistent cookie, GUID=abc123 scoped to the *.example.com domain.
- www.example.com will only use the cookie to analyze pseudonymous user visits on the www.example.com site.
- www.example.com logs <PREFERENCE> data that a user may find sensitive in combination with <PHYSICAL>, <ONLINE> or <GOVERNMENT> data
- www.example.com DOES NOT link the <PHYSICAL>, <ONLINE> or <GOVERNMENT> categories
- www.example.com is not aware of:
- whether all servers on the domain are P3P compliant
- the extent to which all servers on the domain are controlled by the example.com organization (the entity declared by www's policy)
- other unique cookies that may be logged in conjunction with the GUID cookie, or what those cookies link to
- whether that cookie is ever logged with authentication tying the cookie to offline data
- ad.example.com is P3P compliant and operated under the entity Example, Inc.
- ad.example.com sets/logs a persistent cookie, LUID=cde456, scoped to the host level, but in logging cookies it inadvertently logs ALL cookies sent to the server, including the GUID set by www
- ad.example.com links the LUID cookie to a relational database storing information about the advertisers a cookie has seen, the sites a cookie has visited, the ads the cookie has clicked on, etc.
- intra.example.com is not P3P compliant but is completely run and operated by entity Example, Inc.
- intra.example.com sets/logs a persistent cookie, lang=eng, scoped to the host, but inadvertently logs all cookies sent to the server, including the GUID set by www
- intra.example.com requires user authentication. The authentication is logged in a 1:1 relationship with the GUID cookie. The authentication also maps directly to a human resources database storing all the information the company has on the authenticated user, and therefore on the formerly anonymous cookie.
- mail.example.com is operated on behalf of Example, Inc. by ThirdPartyCo. ThirdPartyCo has some rights to the log files on the servers it runs.
- mail.example.com has no access to what is linked to the GUID cookie on sites under the control of the entity Example, Inc.
- mail.example.com is not concerned with what it logs in conjunction with the cookie. It may log the referrer, authentication, or the name/value pairs of GET-method forms.
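The mechanics behind this scenario are cookie scoping: a cookie set with a Domain attribute of example.com is sent to every host under that domain, so any of those hosts that logs the cookies it receives can join the GUID to whatever else it records. The following is an added example written for this page, modelling only the scenario above; the host names, cookie names and log contents are the scenario's constructed ones, the domain-match rule is the RFC 6265 one, and the linkage model (a host that logs all cookies joins every cookie it receives to its other records) is an assumption made for this page, not a description of any real deployment.

```python
"""Where a domain-scoped cookie travels, and what it becomes linkable to once
the hosts that receive it log every cookie they see.  Added example modelling
the Appendix C scenario above; names are the scenario's constructed ones and
the linkage rules are an assumption made for this page."""


def domain_match(host, domain):
    """RFC 6265 domain-match: host is the domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def cookies_sent_to(host, cookies):
    """Names of the cookies a browser attaches to a request for `host`.
    cookies maps name -> (scope, host_only).  A host-only cookie goes to exactly
    one host; a cookie set with a Domain attribute goes to every host under it."""
    sent = set()
    for name, (scope, host_only) in cookies.items():
        matches = host.lower() == scope.lower() if host_only else domain_match(host, scope)
        if matches:
            sent.add(name)
    return sent


def linkage(cookie, cookies, hosts):
    """Everything `cookie` can be joined to through server logs.
    hosts maps host -> (logs_all_cookies, other records kept in the same log)."""
    linked = set()
    for host, (logs_all_cookies, other_records) in hosts.items():
        if not logs_all_cookies:
            continue
        sent = cookies_sent_to(host, cookies)
        if cookie in sent:
            # every other cookie in the same log line, plus what the host records alongside
            linked |= (sent - {cookie}) | set(other_records)
    return linked


# Constructed from the Appendix C scenario (the page writes the GUID scope as *.example.com).
COOKIES = {
    "GUID": ("example.com", False),        # set by www, whole domain
    "LUID": ("ad.example.com", True),      # host-only
    "lang": ("intra.example.com", True),   # host-only
}
HOSTS = {
    "www.example.com": (False, []),        # uses GUID only for pseudonymous visit analysis
    "ad.example.com": (True, ["advertiser/site/click history keyed by LUID"]),
    "intra.example.com": (True, ["user authentication", "human resources record"]),
    "mail.example.com": (True, ["referrer", "authentication", "GET form name/value pairs"]),
}


def is_still_pseudonymous(cookie, cookies=COOKIES, hosts=HOSTS):
    """A cookie stays pseudonymous only if nothing in its linkage identifies a person."""
    identifying = {"user authentication", "authentication", "human resources record"}
    return not (linkage(cookie, cookies, hosts) & identifying)


if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:20} receives {sorted(cookies_sent_to(host, COOKIES))}")
    print("GUID linkable to:", sorted(linkage("GUID", COOKIES, HOSTS)))
    print("GUID still pseudonymous?", is_still_pseudonymous("GUID"))
```

Run as a script, it shows the GUID reaching all four hosts while LUID and lang stay on their own hosts, and the GUID's linkage set picking up the LUID advertising history and the intra.example.com authentication record, which is exactly how the cookie that www.example.com declared as pseudonymous stops being so.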