[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SessionIndex past discussion and proposed text
I took an AI to try and plow through all the past and current discussions around this issue. The first step was to go back through some of the minutes: Boston, Feb 2004 http://lists.oasis-open.org/archives/security-services/200402/msg00091.html Not much real discussion, no conclusions. Austin, Mar 2004 http://lists.oasis-open.org/archives/security-services/200404/msg00020.html Some discussion by Prateek that using AssertionID would prevent non-privacy-preserving use cases in which you *want* to correlate sessions across SPs. There wasn't much concluded, and the end result was me adopting text from ID-FF, but mangling it. Paul, Conor, Thomas, et al. have proposed various suggested alterations to the existing text that I have synthesized into a proposal. I've placed this text into the core draft I'm going to upload, but it can be replaced if this text isn't approved. What's there is wrong, so I felt obliged to replace it even ahead of any final approval. Here's my proposed text, derived from Paul's and Conor's suggestions. It notes that privacy might not be consideration, but if it is, RECOMMENDS (normatively) the two solutions we know of: "In general, any string value MAY be used as a SessionIndex value. However, when privacy is a consideration, care must be taken to ensure that the SessionIndex value does not invalidate other privacy mechanisms. In such cases, the value MUST NOT be usable to correlate activity by a principal across different session participants. Two solutions that achieve this goal are provided below and are RECOMMENDED: - Use small positive integers (or reoccurring constants in a list) for the SessionIndex. The authority SHOULD choose the range of values such that the cardinality of any one integer will be sufficiently high to prevent a particular principal's actions from being correlated across multiple session participants. The authority SHOULD choose values for SessionIndex randomly from within this range (except when required to ensure unique values for subsequent statements given to the same session participant but as part of a distinct session). - Use the enclosing assertion's ID value in the SessionIndex." -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]