[Bug 27268] Add a definition of a distinctive identifier

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268

--- Comment #6 from David Dorwin <ddorwin@google.com> ---
(In reply to Henri Sivonen from comment #5)
> (In reply to David Dorwin from comment #1)
> > https://github.com/w3c/encrypted-media/commit/ce5d69ae56fc9cc890a02b132533431d54089780
> > adds the definition. It is mostly the proposed text from comment #0.
> > 
> > I have some questions for Henri below.
> > 
> > (In reply to Henri Sivonen from comment #0)
> > >  3) It is used in more than one session
> > By "session", do you really mean MediaKeySession? What about sessions within
> > the same MediaKeys object?
> 
> I think I don't understand the implications of the distinction well enough
> to give an informed response at this time.

I want to understand the type of session you were referring to so that I can
eliminate the ambiguity in the spec. I think the problem is that the identifier
is the same between, for example, visits to a page. This could be a browsing
session. I don't think you meant MediaKeySession, since MediaKeySessions share
a MediaKeys object and CDM instance and thus likely share identifiers.
> 
> > > or is potentially used in one
> > > persistent session across the point of persistence.
> > Please clarify and/or explain the purpose of this text.
> 
> The purpose of this text is to close a loophole where a never-ending
> persistent session could carry around something that's seemingly a
> throw-away (and, therefore, presumptively not distinctive) value like a
> nonce, but it doesn't actually get thrown away in reasonable time and
> becomes a tracking id (i.e. distinctive for practical purposes).

Is the never-ending persistent session internal to the CDM or is it left and
used by the application? Any persistent session provides tracking just like a
cookie. It's unlikely that persistent sessions would be identical on two
systems. What is your specific concern beyond that?

Note: The user should be able to clear persistent sessions (like cookies),
which should erase such an ID.
> 
> > >  * A nonce that's unique but used in only one non-persistent session.
> > What is the importance of "non-persistent" here? (I did not include this in
> > the change.)
> 
> See above about using a never-ending persistent session for tracking users.

Okay. If I understand correctly, you consider any nonce in a persistent session
to be a distinctive identifier.

I am arguing that any persistent session is likely to be a distinctive
identifier by that logic. While such things could be used to track a user
(unless/until the sessions are cleared by the user), I think this waters down
the meaning of distinctive identifier and distracts from the far more
concerning types of identifiers. Perhaps we should add a note somewhere
explaining how persistent sessions could be used to track users.


Received on Thursday, 15 January 2015 18:09:48 UTC