I used to use the IBM P3P policy editor. The link has been broken for some time, but you can still find it at softpedia. It is not open source, but it is free, and I guess you could decompile (it is Java based) it to see what is going on inside.
http://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml
