Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
The well-known location method (whose use is strongly recommended by the W3C)
refers to the mechanism of making the privacy reference file available on the website at
the path “/w3c/p3p.xml”. This allows user-agents to easily find the necessary information.
Additionally, by using this method websites make sure that user-agents can access
the policies before any other requests to the website are transmitted, which is essential
for the “safe zone” requirement (see below). This method is also very useful for big
websites with several hosts because it is an easy way to make sure that every host can
publish its P3P policies independently.
Another mechanism is the HTTP header method, which indicates the location by
adding a new response header (the P3P response) to the HTTP header answering a
request. The P3P specification defines that the policyref directive must provide
a URI which indicates the location of the proper XML files. An example HTTP
response header to a GET request may look like this:
HTTP/1.1 200 OK
P3P: policyref="http://catalog.example.com/P3P/PolicyReferences.xml"
Content-Type: text/html
Content-Length: 7413
Server: CC-Galaxy/1.3.18
Listing 3.1: HTTP response header with P3P (Source: [W3Ca])<br />
However, to successfully deploy this method, administrators have to edit the server configuration.
An alternative which does not require any change to the web server's configuration
is the link tag method. Here, a simple (X)HTML link tag must be added to every
website to indicate the P3P version and the URI where the necessary policy reference
file can be found. A possible example is shown in Listing 3.2.
Listing 3.2: Link tag method for indicating policy reference file (Source: [W3Ca])<br />
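The three location mechanisms described above, seen from the user-agent's side, as an added example (not code from the thesis or from the W3C): it collects every candidate policy reference URI for one response. The `rel="P3Pv1"` link relation comes from the P3P 1.0 specification; the function and class names are hypothetical, and the request URL and HTML body are constructed samples.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

WELL_KNOWN_PATH = "/w3c/p3p.xml"  # well-known location
# policyref="URI" directive inside a P3P response header value
POLICYREF_RE = re.compile(r'policyref\s*=\s*"([^"]*)"', re.IGNORECASE)


class LinkTagFinder(HTMLParser):
    """Collects href values of <link rel="P3Pv1" ...> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        rel = (attr.get("rel") or "").lower()
        if tag == "link" and rel == "p3pv1" and attr.get("href"):
            self.hrefs.append(attr["href"])


def locate_policy_refs(request_url, headers, body=""):
    """Return [(method, absolute_uri), ...]; headers is a list of (name, value) pairs."""
    found = []
    for name, value in headers:
        if name.strip().lower() == "p3p":
            for uri in POLICYREF_RE.findall(value):
                found.append(("http-header", urljoin(request_url, uri)))
    finder = LinkTagFinder()
    finder.feed(body)
    for href in finder.hrefs:
        found.append(("link-tag", urljoin(request_url, href)))
    # Per-host candidate; a user-agent still has to fetch it to learn whether it exists.
    found.append(("well-known", urljoin(request_url, WELL_KNOWN_PATH)))
    return found


# Constructed sample: header taken from Listing 3.1, URL and body made up.
SAMPLE_URL = "http://catalog.example.com/shop/index.html"
SAMPLE_HEADERS = [
    ("P3P", 'policyref="http://catalog.example.com/P3P/PolicyReferences.xml"'),
    ("Content-Type", "text/html"),
]
SAMPLE_BODY = '<html><head><link rel="P3Pv1" href="/P3P/PolicyReferences.xml"></head></html>'

if __name__ == "__main__":
    for method, uri in locate_policy_refs(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{method:12} {uri}")
```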
Besides requirements specifically applicable to P3P policies or policy reference files,
other requirements were also defined:
• Non-ambiguity: Except in exceptional cases, websites must be cautious not to
declare multiple (non-expired) policies for a given URI. In such cases, all policies
must be complied with because websites cannot make sure which policy has
been fetched by user-agents. The P3P specification also defines which policy is
applicable in the case of conflicting policies.