Onbe has a ssl session with site#1. Then one dupes the browser and the duped
page gets a new sslsessiond after a refresh. In duped+refreshed windows, one
links on to a subsite.
Should the user use a logout button on the site#1, what happens to the users
access to resources on site#2?
Site#1 has no knowledge that Site#2's sslsessionid is in some sense derived
from its own, note. (This notion could be modeled properly in a https-bis,
but it is not in 1994- era https).
Assume both sslsessionids have the same client cert (for now).
From: Henry Story [mailto:henry.story@bblfish.net]
Sent: Friday, February 11, 2011 10:41 AM
To: Peter Williams
Cc: corani@gmail.com; jan@wildeboer.net; public-xg-webid@w3.org;
foaf-protocols@lists.foaf-project.org
Subject: Re: [foaf-protocols] privacy considerations: can a nosy https: site
probe user identity without explicit permission?
On 11 Feb 2011, at 19:10, Peter Williams wrote:
It's correct that the hard version of the problem is the logout problem -
which is only a coded way of talking about that which cannot be named:
sessions.
> From: corani@gmail.com
> I believe this is very similar to the "logout" problem, and should be
> solved in conjunction with that.
Why is that a hard problem?
There are some parts that are simple:
- a UI to show what you are logged in as and to enable the anonymous mode
- Tying cookies and SSL sessions to identities
The hard problem is information leakage, but that is something one can build
up over time. How far you go there depends on how much you want to protect
identities and cross referencing.
Henry