Onbe has a ssl session with site#1. Then one dupes the browser and the duped page gets a new sslsessiond after a refresh. In duped+refreshed windows, one links on to a subsite. Should the user use a logout button on the site#1, what happens to the users access to resources on site#2? Site#1 has no knowledge that Site#2's sslsessionid is in some sense derived from its own, note. (This notion could be modeled properly in a https-bis, but it is not in 1994- era https). Assume both sslsessionids have the same client cert (for now). From: Henry Story [mailto:henry.story@bblfish.net] Sent: Friday, February 11, 2011 10:41 AM To: Peter Williams Cc: corani@gmail.com; jan@wildeboer.net; public-xg-webid@w3.org; foaf-protocols@lists.foaf-project.org Subject: Re: [foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission? On 11 Feb 2011, at 19:10, Peter Williams wrote: It's correct that the hard version of the problem is the logout problem - which is only a coded way of talking about that which cannot be named: sessions. > From: corani@gmail.com > I believe this is very similar to the "logout" problem, and should be > solved in conjunction with that. Why is that a hard problem? There are some parts that are simple: - a UI to show what you are logged in as and to enable the anonymous mode - Tying cookies and SSL sessions to identities The hard problem is information leakage, but that is something one can build up over time. How far you go there depends on how much you want to protect identities and cross referencing. Henry
Received on Friday, 11 February 2011 21:53:37 UTC