W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Henry Story <henry.story@co-operating.systems>
Date: Fri, 25 Sep 2015 11:03:38 +0100
Cc: Dave Longley Longley <dlongley@digitalbazaar.com>, Martin Paljak <martin.paljak@ria.ee>, Halpin Harry <hhalpin@w3.org>, public-web-security@w3.org, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-Id: <017BD36D-6340-41B3-86F1-C464B55B4FC1@co-operating.systems>
To: Dave Raggett <dsr@w3.org>

> On 25 Sep 2015, at 10:38, Dave Raggett <dsr@w3.org> wrote:
> 
> 
>> On 24 Sep 2015, at 22:02, Dave Longley <dlongley@digitalbazaar.com <mailto:dlongley@digitalbazaar.com>> wrote:
>> 
>> We also need to be careful about the privacy implications here. To
>> explain this I'm going to lay out some quick terminology for a
>> user-centric system.
>> 
>> In the Credentials CG work, we have four main parties that are involved
>> in a "credentials ecosystem". Here's a brief overview:
>> 
>> 1. Users - entities about which claims are made
>> 2. Issuers - services that make claims
>> 3. IdPs - services that aggregate claims on behalf of Users
>> 4. Consumers - services that request and make use of claims
>> 
>> Now, regarding privacy, it would be ideal if a User could interact with
>> Consumers without Issuers or IdPs being made aware of this fact. If
>> information is going to be transferred "server-to-server", this property
>> should be preserved.
> 
> A further desirable property would be that the identifiers used between the User and Consumer are short lived (i.e. session based), to minimise loss of privacy across sessions or across Consumers.

Are you saying: all identifiers should have that property? Or are you saying there is a use case for such identifiers?

I am not sure privacy is exactly the property you'd get with such a mechanism. Rather you'd get short lived identity, and short lived trakability. 

If I want to have a private conversation with someone, I don't want the conversation to be with someone else, or break up every few minutes in such a way that I can't actually conduct the conversation. If parents want to have a private conversation with their children attending various schools and universities across the world, they don't want to not be able to tell who they are talking to. Rather they want the conversation to remain within the boundaries of the group in which it is had, where the group can decide whether it can make a public statement before information is released.

I tried yesterday to put a little section on Privacy in the SOP wiki page to that effect

https://www.w3.org/Security/wiki/IG/a_view_on_SOP#Privacy <https://www.w3.org/Security/wiki/IG/a_view_on_SOP#Privacy>

Perhaps we can get feedback from the privacy WG about that section.

Henry

PS. I'll answer Tony Acieri's point on cookies next. 

> 
> 
>    Dave Raggett <dsr@w3.org <mailto:dsr@w3.org>>
> 
> 
> 
Received on Friday, 25 September 2015 10:04:22 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC