[Bug 27268] New: Add a definition of a distinctive identifier

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268

            Bug ID: 27268
           Summary: Add a definition of a distinctive identifier
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: hsivonen@hsivonen.fi
        QA Contact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html-media@w3.org

In order to be able to refer to it from text to be requested in subsequent bug
reports, in the section for definitions, please add a definition for a
"distinctive identifier". I suggest the term to be defined as follows:

(Start proposed spec text)

A distinctive identifier is a piece of data or implication of the possession of
a piece of data or an observable behavior or timing for all the following
criteria hold:
 1) It is exposed to outside the browsing device or exposed to the application
such that the application has the opportunity to send it (even if in encrypted
form if decryptable outside the device) or information about it outside the
browsing device.
 2) It is not shared across a large population of users or devices.
 3) It is used in more than one session or is potentially used in one
persistent session across the point of persistence.

A distinctive identifier is typically unique to user or device, but an
identifier doesn't need to be strictly unique to be distinctive. (An identifier
shared among a small number of users could still be distinctive.)

Examples of distinctive identifiers include but are not limited to:
 * A string of bytes that is included in key requests and that is different
from the string included by other devices.
 * A public key included in key requests that is different from the public keys
included in the requests by other devices.
 * Demonstration of possession of a private key (e.g. by signing some data)
that other devices don't have.
 * A key id for such a key.

Examples of things that are not distinctive identifiers:
 * A public key shared among all copies of a given CDM version if the installed
base is large.
 * A nonce that's unique but used in only one non-persistent session.
 * Device-unique keys used in attestations between e.g. graphics/video
components and the CDM when the CDM does not let these attestations further
flow to the application and instead makes a new attestation on its own using a
key that does not constitute a distinctive identifier e.g. due to the first
point on this list.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 7 November 2014 12:12:42 UTC