New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal to improve registration #10
Conversation
@@ -368,7 +368,9 @@ When a client opens a License Document for the first time and gets access to its | |||
|
|||
* It <b>MUST</b> attempt to register itself again if it couldn't do so the first time that the License Document was opened | |||
|
|||
During the registration, the client <b>MUST</b> always send the same unique identifier for a specific device, no matter which Status Document it interacts with. Any further interaction <b>SHOULD</b> use the same identifier/name. | |||
During the registration, the client <b>MUST</b> always try to send the same unique identifier for a specific device, no matter which Status Document it interacts with. Any further interaction with a provider <b>SHOULD</b> use the same identifier/name. The client <b>SHOULD</b> consider user privacy when generating a unique identifier, for example by generating a random string during software installation. To prevent user tracking across providers, the client <b>MAY</b> generate device unique ids for each provider. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since it's not always possible to ALWAYS send the same identifier for a device, this makes clear that the implementation should do what it can. It also makes clear that an implementation is not out of spec if it uses a different device ID for each provider. If LCP ecosystems are successful and have many participating providers, this is a measure that would prevent providers from sharing registration data for purposes of user tracking.
Sounds reasonable to me. |
During the registration, the client <b>MUST</b> always send the same unique identifier for a specific device, no matter which Status Document it interacts with. Any further interaction <b>SHOULD</b> use the same identifier/name. | ||
During the registration, the client <b>MUST</b> always try to send the same unique identifier for a specific device, no matter which Status Document it interacts with. Any further interaction with a provider <b>SHOULD</b> use the same identifier/name. The client <b>SHOULD</b> consider user privacy when generating a unique identifier, for example by generating a random string during software installation. To prevent user tracking across providers, the client <b>MAY</b> generate device unique ids for each provider. | ||
|
||
If a provider uses registration to monitor license abuse, the provider <b>SHOULD</b> take care to prevent forged registrations. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's up to the provider implementation of course.
This proposal addresses issues #5 and #6