OASIS Mailing List Archives

security-services message



Subject: SessionIndex past discussion and proposed text


I took an AI to try and plow through all the past and current discussions
around this issue. The first step was to go back through some of the
minutes:

Boston, Feb 2004
http://lists.oasis-open.org/archives/security-services/200402/msg00091.html
Not much real discussion, no conclusions.

Austin, Mar 2004
http://lists.oasis-open.org/archives/security-services/200404/msg00020.html

Some discussion by Prateek that using AssertionID would prevent
non-privacy-preserving use cases in which you *want* to correlate sessions
across SPs.

There wasn't much concluded, and the end result was me adopting text from
ID-FF, but mangling it.

Paul, Conor, Thomas, et al. have proposed various suggested alterations to
the existing text that I have synthesized into a proposal. I've placed this
text into the core draft I'm going to upload, but it can be replaced if this
text isn't approved. What's there is wrong, so I felt obliged to replace it
even ahead of any final approval.

Here's my proposed text, derived from Paul's and Conor's suggestions. It
notes that privacy might not be a consideration, but if it is, RECOMMENDS
(normatively) the two solutions we know of:

"In general, any string value MAY be used as a SessionIndex value. However,
when privacy is a consideration, care must be taken to ensure that the
SessionIndex value does not invalidate other privacy mechanisms. In such
cases, the value MUST NOT be usable to correlate activity by a principal
across different session participants. Two solutions that achieve this goal
are provided below and are RECOMMENDED:

	- Use small positive integers (or reoccurring constants in a list)
for the SessionIndex. The authority SHOULD choose the range of values such
that the cardinality of any one integer will be sufficiently high to prevent
a particular principal's actions from being correlated across multiple
session participants. The authority SHOULD choose values for SessionIndex
randomly from within this range (except when required to ensure unique
values for subsequent statements given to the same session participant but
as part of a distinct session).

	- Use the enclosing assertion's ID value in the SessionIndex."

-- Scott
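
A sketch of the first recommended option in the proposed text (small integers chosen at random, unique only across distinct sessions with the same session participant), as an added example that is not part of the original message or of any SAML implementation. The class and function names, the range size of 16, and the reuse of a value within one session are assumptions.

```python
import secrets
from collections import Counter


class SessionIndexAllocator:
    """Issues SessionIndex values as small random integers (hypothetical helper)."""

    def __init__(self, range_size=16):
        # Assumption: range_size is a deployment choice. It must stay small
        # relative to the number of active principals so that each value is
        # shared by many of them and cannot single one principal out.
        self.range_size = range_size
        self._in_use = {}  # (principal, participant) -> {session_id: index}

    def allocate(self, principal, participant, session_id):
        sessions = self._in_use.setdefault((principal, participant), {})
        if session_id in sessions:
            # Assumption: a repeat statement for the same session reuses its value.
            return sessions[session_id]
        # Exclude only values this participant already holds for this principal's
        # other sessions; the choice is otherwise uniformly random and is made
        # independently for every participant.
        taken = set(sessions.values())
        free = [str(i) for i in range(1, self.range_size + 1) if str(i) not in taken]
        if not free:
            raise RuntimeError("SessionIndex range exhausted for this pair")
        index = free[secrets.randbelow(len(free))]
        sessions[session_id] = index
        return index

    def release(self, principal, participant, session_id):
        # Called at logout or expiry so the value returns to the pool.
        self._in_use.get((principal, participant), {}).pop(session_id, None)


def principals_per_index(allocator, participant):
    """How many principals share each value as seen by one participant."""
    counts = Counter()
    for (principal, sp), sessions in allocator._in_use.items():
        if sp == participant:
            for index in set(sessions.values()):
                counts[index] += 1
    return counts
```

With many more principals than values in the range, every value a participant sees is held by a crowd of principals, which is the cardinality property the proposed text asks the authority to preserve.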


