Re: Unique identifiers and WebCrypto

On Nov 8, 2012, at 11:59 AM, Thomas Hardjono wrote:

> 
>> -----Original Message-----
>> From: Mark Watson [mailto:watsonm@netflix.com]
>> Sent: Thursday, November 08, 2012 2:47 PM
>> To: Wan-Teh Chang
>> Cc: Thomas Hardjono; Seetharama Rao Durbha; public-webcrypto@w3.org Group
>> Subject: Re: Unique identifiers and WebCrypto
>> 
>> On Nov 8, 2012, at 11:34 AM, Wan-Teh Chang wrote:
>> 
>>> On Thu, Nov 8, 2012 at 11:27 AM, Mark Watson <watsonm@netflix.com> wrote:
>>>> 
>>>> My objective with the feature in question here is that the privacy
>>>> implications be no worse than (and hopefully better than) cookies and
>>>> web storage. One aspect in which the situation is better is that
>>>> users have very little idea what a site will use cookies and web
>>>> storage for when they give permission. Giving a site permission to
>>>> access an (origin-specific) device identifier is arguably easier to
>>>> understand.
>>> 
>>> If I understand it correctly, the perceived problem with an
>>> origin-specific device identifier is that it is "read only" and cannot
>>> be deleted by the user.
>> 
>> Well, UAs may choose to allow users to delete the identifier. From the
>> site's point of view that's indistinguishable anyway from the site not
>> being authorized by the user to see it. The issue is that if you delete
>> such an identifier, services that need it may not work any more and
>> users need to be warned about that. On a TV this would be a
>> "permanently disable service X" button. Personally I would happily use
>> that feature on certain TV channels ;-)
>> 
>>> On the other hand, the user can effectively change the device
>>> identifier by getting a new device,
>> 
>> Depending on device implementation, it may be able to change its device
>> identifier at user request.
>> 
>>> whereas an (origin-specific) user identifier, such as my Yahoo Mail
>>> account and Amazon.com account, usually lasts much longer than the
>>> lifetime of a device. So it's not clear to me if a device identifier
>>> has more serious privacy issues.
>>> 
>>> Wan-Teh
> 
> I may be way off, but isn't this precisely the challenge of
> privacy-preserving identity:
> (a) how a user-selected identifier can be bound (unbound) by the user
> to a service-issued identifier;
> (b) how the user can select a new identifier and re-bind it to an old
> service-issued identifier;
> (c) how to do (a) and (b) with the assurance that neither the UA nor
> the service is keeping track of the bindings.

Are you suggesting that all identifiers should have the above properties? Or just that we should make identifiers with these properties available to users and services?

If the former, how would you support a service which offered each person a one-off one-month free trial? How would you detect fraud?

…Mark

> 
> /thomas/

Received on Thursday, 8 November 2012 20:23:11 UTC