
Book helps you enforce Web privacy with P3P

Privacy is a continuing worry for most Web users and developers. This recently released book from O'Reilly publishers provides all the information you need to get going with one privacy initiative, P3P.


Web Privacy with P3P by Lorrie Cranor explains the history, implementation, and development of the P3P standard. Web privacy concerns, and how P3P is used to address them, are discussed consistently throughout the book. On the technical side, Web developers implementing P3P should get a copy of the book as a primary reference for this technology.

Web Privacy with P3P

By Lorrie Cranor
O'Reilly
September 2002
344 pages
ISBN: 0-596-00371-4
Cover price: $39.95



The layout
The book is divided into three parts. The first part includes a detailed account of privacy issues as well as the five-year history of P3P. For a marketing person or manager, the first four chapters offer a unique insight into how a World Wide Web Consortium (W3C) working group operates; the section also describes the hurdles of developing such a specification over the course of several years. This part of the book (80 pages or so) is very detailed and contains a lot of information, so it takes some time to read.

The second part of the book, “P3P-enabling your Web Site,” is written for the Web developer who needs to implement P3P. The examples are well explained and there are usually several included for each topic. This section also describes some tools (e.g., IBM’s P3P Editor and the W3C P3P Validator) that are available and how to use them.

The third and final part of the book is about developing user agents and P3P software in general. People who need to read either part one or part two of the book will probably find these last four chapters rather intimidating. For a developer who is very interested in the technology, however, there is enough information and detail to begin writing software to actually analyze P3P policies on enabled sites.

The last section of the book contains a large, 30-page appendix providing developers with a quick reference to basic XML structures, how to use IE6 and P3P, and details on configuring a Web server to use P3P.

Redundant information
Reading the book straight through, I noticed that some information, such as the explanations of datasets and policy reference files, is included in each part. Of course, this is great if you are reading only one part of the book, but it gets a little confusing (and redundant) if you are going back and forth between different chapters in different parts of the book.


A must if you are working with P3P
At first, I was surprised that an entire book could be written about P3P. The specification is not very long (see the W3C Web site). However, Lorrie Cranor has provided a detailed history and did not skimp at all on giving developers plenty of information to work with. She created the definitive guide to P3P, which makes implementing good privacy practices on Web sites easier and provides some good reading about Internet privacy.

The only thing missing from the book is a CD-ROM. There are URLs to the book's Web site, but an accompanying CD would be great. It could have included IBM’s editor and a validation tool as well.
