Can you recommend a good p3p policy editor?

preferably open source + free.

I think that P3P standard is 'dead'. See these posts: http://www.cylab.cmu.edu/research/techreports/2010/tr_cylab10014.html

http://www.zdnet.com/blog/facebook/facebook-to-microsoft-p3p-is-outdated-what-else-ya-got/9332

http://www.techpolicy.com/Cranor_InternetExplorerPrivacyProtectionsBeingCircumvented-by-Google.aspx

You don't need anymore a P3P editor. Just insert an header like:

CP="This is not a privacy policy!"

This is an invalid P3P policy but internet explorer with an invalid P3P policy simply consider your cookie good and it isn't blocked.

I used to use the IBM P3P policy editor. The link has been broken for some time, but you can still find it at softpedia. It is not open source, but it is free, and I guess you could decompile (it is Java based) it to see what is going on inside.

http://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml