P3P Privacy Compliance Standard - YaBB (Read 5686 times)
Captain John
Ex Member


P3P Privacy Compliance Standard - YaBB
Oct 12th, 2007 at 3:32am
It's new, it's exciting, it's in most new browsers ......

Here's how you make your site/board P3P valid (Privacy Policy)

You need to do some work to get it done, but at least your browser will not complain about it anymore.

In your webroot (the same place where you have your yabbfiles dir) create two new dirs:

1. Create a dir called /w3c

Inside this dir there is a file called p3p.xml which holds the reference to your privacy policy statement.

This file could look like this:

Code
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
 <EXPIRY max-age="172800"/>

   <POLICY-REF about="/privacy/policy.xml#policy">
     <INCLUDE>/*</INCLUDE>
     <EXCLUDE>/cgi-bin/*</EXCLUDE>
   </POLICY-REF>
</POLICY-REFERENCES>
</META> 




This file shows the browser where the real policy xml set is found (in this example in a dir called privacy, in the file policy.xml).
The anchor refers to the first policy set inside this xml file (you could have multiple policies for different parts of your site).

Ok, one down, two to go:

2. Create another dir (in the example /privacy but this could be called whatever you like as long as you refer to it in the p3p.xml file).

Inside this dir you must at least have one xml file (called privacy.xml in the example, but again this name is free to choose as long as the reference is set to it in p3p.xml)

This xml file should at least have the following elements:

Code
<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
   <!-- Generated by YaBB V2.2 on May 3rd 2006 at 11:22 PM -->

   <!-- Expiry information for this policy -->
   <EXPIRY max-age="604800"/>

<POLICY discuri="http://www.spikecity.net/index.php?page=privacy" name="policy">
   <!-- Description of the entity making this policy statement. -->
   <ENTITY>
   <DATA-GROUP>
<DATA ref="#business.contact-info.telecom.telephone.intcode">1</DATA>
<DATA ref="#business.contact-info.telecom.telephone.loccode">333</DATA>
<DATA ref="#business.contact-info.telecom.telephone.number">8888888</DATA>
<DATA ref="#business.contact-info.online.email">privacy@*****.net</DATA>
<DATA ref="#business.contact-info.online.uri">http://www.*****.net</DATA>
<DATA ref="#business.name">Spikecity.net Services</DATA>
   </DATA-GROUP>
   </ENTITY>

   <!-- Disclosure -->
   <ACCESS><all/></ACCESS>

   <!-- Disputes -->
   <DISPUTES-GROUP>
	 <DISPUTES resolution-type="service" service="http://www.*******.net/index.php?page=privacy" short-description="Information Service">
	 <LONG-DESCRIPTION>If you have questions about our privacy rules, please send an email to privacy@******.net.</LONG-DESCRIPTION>
   <!-- No remedies specified -->
	 </DISPUTES>
   </DISPUTES-GROUP>

   <!-- Statement for group "Access log information" -->
   <STATEMENT>
	 <EXTENSION optional="yes">
	     <GROUP-INFO name="Access log information"/>
	 </EXTENSION>

   <!-- Consequence -->
   <CONSEQUENCE>We keep a standard log for access and system administration, and also for development purposes. This information will not be used for any other purposes and will not be sold, forwarded or released to any third party.</CONSEQUENCE>

   <!-- Use (purpose) -->
   <PURPOSE><admin/><current/><develop/></PURPOSE>

   <!-- Recipients -->
   <RECIPIENT><ours/></RECIPIENT>

   <!-- Retention -->
   <RETENTION><indefinitely/></RETENTION>

   <!-- Base dataschema elements. -->
   <DATA-GROUP>
   <DATA ref="#dynamic.clickstream"/>
   <DATA ref="#dynamic.http"/>
   <DATA ref="#dynamic.cookies"><CATEGORIES><navigation/><preference/><state/></CATEGORIES></DATA>
   </DATA-GROUP>
</STATEMENT>


   <!-- Statement for group "Registrant data" -->
   <STATEMENT>
	 <EXTENSION optional="yes">
	     <GROUP-INFO name="Registrant data"/>
	 </EXTENSION>

   <!-- Consequence -->
   <CONSEQUENCE>We only register the data you entered in the fill out form to be able to serve you best and to give other members an idea of who you are (which you are free to fill out or leave blank).</CONSEQUENCE>

   <!-- Use (purpose) -->
   <PURPOSE><contact required="always"/><current/><develop/></PURPOSE>

   <!-- Recipients -->
   <RECIPIENT><ours/></RECIPIENT>

   <!-- Retention -->
   <RETENTION><indefinitely/></RETENTION>

   <!-- Base dataschema elements. -->
   <DATA-GROUP>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><physical/></CATEGORIES></DATA>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><online/></CATEGORIES></DATA>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><demographic/></CATEGORIES></DATA>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><preference/></CATEGORIES></DATA>
   </DATA-GROUP>
</STATEMENT>

   <!-- Statement for group "Email data" -->
   <STATEMENT>
	 <EXTENSION optional="yes">
	     <GROUP-INFO name="Email data"/>
	 </EXTENSION>

   <!-- Consequence -->
   <CONSEQUENCE>We only use your email address to send mail to you if requested. Your address will not be sold, forwarded or released to any third party.</CONSEQUENCE>

   <!-- Use (purpose) -->
   <PURPOSE><current/></PURPOSE>

   <!-- Recipients -->
   <RECIPIENT><ours/></RECIPIENT>

   <!-- Retention -->
   <RETENTION><indefinitely/></RETENTION>

   <!-- Base dataschema elements. -->
   <DATA-GROUP>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><content/></CATEGORIES></DATA>
   <DATA ref="#dynamic.miscdata"><CATEGORIES><online/></CATEGORIES></DATA>
   </DATA-GROUP>
</STATEMENT>

<!-- End of policy -->
</POLICY>
</POLICIES> 




This is only the xml file that gives the user's browser an idea of what kind of data is requested and what it is used for.

So in order to make it complete you also need a human readable policy declaration.

3. In the example privacy.xml from my site you will see a reference in the <POLICY discuri="http://www.spikecity.net/index.php?page=privacy" name="policy"> and <DISPUTES resolution-type="service" service="http://www.*******.net/index.php?page=privacy" short-description="Information Service"> elements, which point to a human readable page on my CMS system where users can read in plain text what our privacy statement and dispute resolution is.

This can be the same page twice if your policy and dispute resolution are on the same page, but they could be two different pages.

Make sure this/these page(s) exist(s) and is/are accessible, as the validator will check it!

Almost there; there is one more thing you need to do.

4. You will have to set an html reference tag inside the <head>....</head> section of your website/YaBB template.

This looks like:

Code
<link rel="P3Pv1" href="http://www.********.net/w3c/p3p.xml">




It points to the full url of w3c/p3p.xml on your website.

If all is done well and no typos are made, you should be able to run your site through the validator and get the all clear sign.

5. http://www.w3.org/P3P/validator.html

6. There is one more thing you can add: a short P3P header in the web server output (a shorthand version of the privacy.xml file above). As not all servers accept custom headers, and even fewer servers accept non-recognised metadata entries, this is not mandatory if you use the link reference method.

A valid site report looks like this (don't get scared by the URI, as it is just a CMS IFRAME calling YaBB.pl ;)):

[quote]
Results of P3P validation
Target URI: http://www.spikecity.net/index.php?page=forum


--------------------------------------------------------------------------------



Step 1: /w3c/p3p.xml Validation

URI: http://www.spikecity.net/w3c/p3p.xml

Step 1-1: Access check

/w3c/p3p.xml can be retrieved.

Message: The content type of /w3c/p3p.xml is application/xml.

Step 1-2: Syntax check

/w3c/p3p.xml has no syntax errors.

Step 1-3: Policy URI check

/w3c/p3p.xml has no warnings or errors.

Message: P3P policy indicated at line 5 can be accessed.


P3P policy for http://www.spikecity.net/index.php?page=forum is [http://www.spikecity.net/privacy/policy.xml#policy]


--------------------------------------------------------------------------------



Step 2: HTTP Protocol Validation ( HTTP headers )

HTTP headers have no P3P: header.


--------------------------------------------------------------------------------



Step 3: HTML File Validation

HTML document is P3P compliant.

Message: HTML document has P3P compliant <link> element.

<link rel="P3Pv1" href="http://www.spikecity.net/w3c/p3p.xml">
--------------------------------------------------------------------------------



Step 4: Policy File Validation

URI: http://www.spikecity.net/privacy/policy.xml#policy

Step 4-1: Syntax check

Policy file has no syntax errors.

Step 4-2: Vocabulary check

Policy file has no vocabulary errors.

Step 4-3: Link check

Policy file has no link errors.

Message: line 8: discuri attribute of <POLICY> element can be accessed.

Message: line 26: service attribute of <DISPUTES> element can be accessed. [/quote]


Credit SpikeCity  http://www.yabbforum.com/community/YaBB.pl?num=1147812527
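
Added example (not part of the original post and not YaBB or W3C code): a local pre-flight check that follows the chain described above, from the reference file to the policy file to the human readable pages, before you run the online validator. The file contents and example.net URLs are constructed; treating a non-absolute discuri/service as a problem is this sketch's assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"p": "http://www.w3.org/2002/01/P3Pv1"}

# Constructed sample files, keyed by the path they would have under the webroot.
SITE = {
    "/w3c/p3p.xml": """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY-REFERENCES>
  <POLICY-REF about="/privacy/policy.xml#policy"><INCLUDE>/*</INCLUDE></POLICY-REF>
</POLICY-REFERENCES>
</META>""",
    "/privacy/policy.xml": """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://www.example.net/privacy" name="policy">
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="service" service="http://www.example.net/privacy"/>
  </DISPUTES-GROUP>
</POLICY>
</POLICIES>""",
}

def check_site(files, ref_path="/w3c/p3p.xml"):
    """Return a list of problems; an empty list means the references line up."""
    if ref_path not in files:
        return [f"{ref_path} is missing"]
    problems = []
    refs = ET.fromstring(files[ref_path]).findall(".//p:POLICY-REF", NS)
    if not refs:  # also catches a wrong or empty xmlns on the root element
        problems.append(f"{ref_path}: no POLICY-REF in the P3P namespace")
    for ref in refs:
        about = urlsplit(ref.get("about", ""))
        if about.path not in files:
            problems.append(f"policy file {about.path} not found")
            continue
        policies = {p.get("name"): p for p in
                    ET.fromstring(files[about.path]).findall("p:POLICY", NS)}
        policy = policies.get(about.fragment)  # the #anchor selects a POLICY by name
        if policy is None:
            problems.append(f"{about.path}: no POLICY named '{about.fragment}'")
            continue
        # discuri and service are the human readable pages the validator fetches.
        links = [("discuri", policy.get("discuri"))]
        links += [("service", d.get("service")) for d in policy.iterfind(".//p:DISPUTES", NS)]
        for attr, url in links:
            # Assumption of this sketch: only absolute http(s) URLs are accepted.
            if not url or urlsplit(url).scheme not in ("http", "https"):
                problems.append(f"{about.path}: {attr} is not an absolute URL: {url!r}")
    return problems
```

Feed it the real contents of your files under the same webroot paths; a policy file saved under a different name than the one in the POLICY-REF shows up as "not found".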

