- From: <bugzilla@jessica.w3.org>
- Date: Fri, 07 Nov 2014 12:12:40 +0000
- To: public-html-media@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268 Bug ID: 27268 Summary: Add a definition of a distinctive identifier Product: HTML WG Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Encrypted Media Extensions Assignee: adrianba@microsoft.com Reporter: hsivonen@hsivonen.fi QA Contact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-media@w3.org In order to be able to refer to it from text to be requested in subsequent bug reports, in the section for definitions, please add a definition for a "distinctive identifier". I suggest the term to be defined as follows: (Start proposed spec text) A distinctive identifier is a piece of data or implication of the possession of a piece of data or an observable behavior or timing for all the following criteria hold: 1) It is exposed to outside the browsing device or exposed to the application such that the application has the opportunity to send it (even if in encrypted form if decryptable outside the device) or information about it outside the browsing device. 2) It is not shared across a large population of users or devices. 3) It is used in more than one session or is potentially used in one persistent session across the point of persistence. A distinctive identifier is typically unique to user or device, but an identifier doesn't need to be strictly unique to be distinctive. (An identifier shared among a small number of users could still be distinctive.) Examples of distinctive identifiers include but are not limited to: * A string of bytes that is included in key requests and that is different from the string included by other devices. * A public key included in key requests that is different from the public keys included in the requests by other devices. * Demonstration of possession of a private key (e.g. by signing some data) that other devices don't have. * A key id for such a key. Examples of things that are not distinctive identifiers: * A public key shared among all copies of a given CDM version if the installed base is large. * A nonce that's unique but used in only one non-persistent session. * Device-unique keys used in attestations between e.g. graphics/video components and the CDM when the CDM does not let these attestations further flow to the application and instead makes a new attestation on its own using a key that does not constitute a distinctive identifier e.g. due to the first point on this list. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Friday, 7 November 2014 12:12:42 UTC