Session-Id and privacy mechanisms

I've been thinking about the relation between adding session-ids to
get stateful dialogs and adding session-ids to get better statistics
for the marketing department.

There are two possibilities:

1) combine them: make one session-id mechanism that caters for
   both.  Client-generated stuff in the From header seems the obvious
   choice.

2) separate them: add
 a) a server-initiated session-id mechanism to get stateful dialogs
 b) a client-generated session-id (in From) to get better statistics.

The advantage of 1) should be clear: two problems solved for the price
of one.

*Some* implementations of 2) could be better because of privacy
reasons.  a) and b) could be switched on and off independently. 

*If* browsers have a configuration screen like

   +-----------------------------------------------------------------+
    Handling of a) `stateful dialog' session-id requests:
        ( ) Always honor request
        ( ) Always honor request if it was done in a response to
            a form submission (POST).
        (*) Ask once for every site, use reply in later sessions
        ( ) Never honor request

    Generate b) statistics-enhancing session-ids:
        ( ) Yes
        (*) No
   +-----------------------------------------------------------------+

where the (*) are the default settings, *and if* a web culture
develops in which commercial sites asking for a `stateful dialog'
session-id if the browser does not send a `statistics' session-id,
purely to get better statistics, are considered rude, *then* current
levels of privacy could be mostly retained.

Some issues related to such an elaborate scheme for retaining privacy
are:

 - How do we translate the above configuration screen to something
   that can be understood by the average user?

 - Do we really want it?  This is only relevant for large numbers of
   users behind proxies accessing popular sites anyway.  Are they
   really worth the effort?

 - What happens if the makers of commercial browsers get interested in
   expanding their business to making web statistics packages, and
   start shipping browsers with default setting

    Generate b) statistics-enhancing session-ids:
        (*) Yes
        ( ) No ,

   or even hard-wire this choice into their browsers?  In the light of
   this, does it even make sense to carefully design HTTP in such a
   way that the proxy/popular_site privacy advantage can be retained?


Koen.

Received on Saturday, 22 July 1995 05:47:56 UTC
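
The configuration screen in the message above, sketched as client-side decision logic. This is an added example, not part of the original message or of any browser; the class, method and parameter names are hypothetical, and the random hex token stands in for whatever format a client-generated id would actually use.

```python
import secrets
from enum import Enum


class StatefulPolicy(Enum):
    ALWAYS = "always honor request"
    ONLY_AFTER_POST = "honor only in response to a form submission (POST)"
    ASK_ONCE_PER_SITE = "ask once for every site, reuse the reply"
    NEVER = "never honor request"


class SessionIdSettings:
    """Hypothetical browser settings; defaults match the (*) marks on the screen."""

    def __init__(self, stateful=StatefulPolicy.ASK_ONCE_PER_SITE,
                 send_statistics_id=False, ask_user=None):
        self.stateful = stateful                      # switch for mechanism a)
        self.send_statistics_id = send_statistics_id  # switch for mechanism b)
        # Without a prompt callback, an unanswered question counts as refusal.
        self.ask_user = ask_user or (lambda site: False)
        self._site_replies = {}   # site -> bool, kept for later sessions
        self._stats_id = None

    def honor_stateful_request(self, site, request_method):
        """Decide on a server-initiated session-id request (mechanism a)."""
        if self.stateful is StatefulPolicy.ALWAYS:
            return True
        if self.stateful is StatefulPolicy.NEVER:
            return False
        if self.stateful is StatefulPolicy.ONLY_AFTER_POST:
            return request_method.upper() == "POST"
        # ASK_ONCE_PER_SITE: prompt on first contact, then reuse the answer.
        site = site.lower()       # host names are case-insensitive
        if site not in self._site_replies:
            self._site_replies[site] = bool(self.ask_user(site))
        return self._site_replies[site]

    def statistics_id(self):
        """Client-generated id (mechanism b), or None when switched off."""
        if not self.send_statistics_id:
            return None
        if self._stats_id is None:
            self._stats_id = secrets.token_hex(8)   # constructed format
        return self._stats_id
```

The two switches share no state, so a refusal remembered for one site under a) has no effect on whether b) sends an id, and the reverse.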