Individualization section is unclear #272
Comments
These seem like reasonable clarifications to me.
Note that the result of direct individualization is not an origin-specific identifier, since direct individualization must not expose origin information to the individualization server. However, any identifier exposed to an origin must still be origin-specific.

PR #281
So it's not origin-specific in the sense that the origin can't be determined, but the individualization result still differs between origins. Correct?
Direct individualization may be performed just once, on the first ever use of the CDM or on browser installation. The result might be an origin-independent identifier, which is never exposed to applications (this would be a Distinctive Permanent Identifier, in the language of the specification). The origin-specific identifiers exposed to applications are derived from this origin-independent one in a way that makes the origin-specific identifiers non-associable, at least by everyone except potentially the individualization server.
While Direct Individualization may be performed once, as @mwatson2 says above, the description above is not necessarily accurate, or even likely to be, at least in practice. This was the specified behavior before #117 was fixed, but it was too limiting. The problem is that any value derived from such a single identifier is likely to include some reference to the origin-independent value. Otherwise, the individualization process would not have been necessary and/or provides no additional attestation than could have been provided locally. Therefore, it is more likely that an individualization process will be performed once per origin. (The spec also allows for a single origin-independent process followed by per-origin individualization using that intermediary value.) In all cases, the server is origin-independent to protect the [Distinctive] Permanent Identifier(s).

Importantly, the last paragraph of the Direct Individualization section requires that the actual origin not be exposed during this process. Instead, a non-associable value that only the client can associate with the origin may be used. It might be helpful to provide a non-normative note expanding on this.

Speaking of the last paragraph, I believe there is a typo: "origin(s)-" is not supposed to have a dash. (The dash in "origin-" is correct.)
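The two comments above describe the same constraints from two angles: a Distinctive Permanent Identifier that never reaches an application, an individualization server that must not learn the origin, and per-origin identifiers that differ between origins and cannot be linked to one another. The following mock is an added illustration of that model and is not code from the EME specification, this repository, or any real CDM. It assumes a per-origin individualization flow in which the client sends the server a random handle in place of the origin, uses HMAC-SHA256 as a stand-in for the server's signature and for the CDM's key derivation, and uses constructed sample values for the permanent identifier and origins.

```python
"""Mock of the individualization model discussed in this thread (illustration only).
Not the specification's or any CDM's real code: HMAC stands in for the server's
signature and for the CDM's derivation, and all identifiers are constructed samples."""
import hashlib
import hmac
import secrets


class IndividualizationServer:
    """Origin-independent server. It sees the (Distinctive) Permanent Identifier
    and an opaque per-origin handle, never the origin itself."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self.requests_seen = []  # everything the server observed, kept for inspection

    def individualize(self, permanent_id: bytes, handle: bytes) -> bytes:
        self.requests_seen.append((permanent_id, handle))
        # Keyed MAC stands in for the server's signature binding device and handle.
        return hmac.new(self._key, permanent_id + b"|" + handle, hashlib.sha256).digest()


class MockCDM:
    """Client-side CDM state. Only the CDM knows which handle belongs to which origin."""

    def __init__(self, permanent_id: bytes):
        self._permanent_id = permanent_id  # never leaves the CDM or reaches an application
        self._handles = {}                  # origin -> random handle (non-associable by the server)
        self._results = {}                  # origin -> individualization result from the server

    def _handle_for(self, origin: str) -> bytes:
        if origin not in self._handles:
            # Random, so neither the server nor another origin can link it to the origin.
            self._handles[origin] = secrets.token_bytes(16)
        return self._handles[origin]

    def individualize(self, origin: str, server: IndividualizationServer) -> None:
        """Per-origin individualization: the server receives the handle, not the origin."""
        self._results[origin] = server.individualize(self._permanent_id, self._handle_for(origin))

    def identifier_for(self, origin: str) -> str:
        """Origin-specific identifier exposed to the application for this origin."""
        if origin not in self._results:
            raise KeyError("origin has not been individualized")
        # PRF keyed by the permanent identifier: the output differs per origin and
        # cannot be linked back to the permanent identifier, or across origins,
        # by anyone who lacks the key.
        msg = b"eme-origin-specific-id|" + origin.encode() + b"|" + self._results[origin]
        return hmac.new(self._permanent_id, msg, hashlib.sha256).hexdigest()


def server_saw_origin(server: IndividualizationServer, origins) -> bool:
    """True if any origin string appears in anything the server received."""
    return any(o.encode() in pid or o.encode() in handle
               for pid, handle in server.requests_seen for o in origins)


def demo():
    server = IndividualizationServer(server_key=secrets.token_bytes(32))
    # Constructed sample permanent identifier; a real one would be device-provisioned.
    cdm = MockCDM(permanent_id=bytes.fromhex("00112233445566778899aabbccddeeff"))
    origins = ["https://video.example", "https://music.example"]
    for origin in origins:
        cdm.individualize(origin, server)
    ids = {origin: cdm.identifier_for(origin) for origin in origins}
    return {
        "ids": ids,
        "stable": cdm.identifier_for(origins[0]) == ids[origins[0]],
        "server_saw_origin": server_saw_origin(server, origins),
        "server_requests": len(server.requests_seen),
    }


if __name__ == "__main__":
    for origin, ident in demo()["ids"].items():
        print(origin, ident)
```

Running `demo()` shows the properties the thread asks for: the two origins get different identifiers, repeated calls for one origin return the same value, and the server's request log contains handles and the permanent identifier but no origin string. The single-run variant from the earlier comment is the same derivation with one shared result in place of a per-origin one; the keyed PRF is what keeps the exposed values non-associable by anyone other than the holder of the permanent identifier (and, here, the server that can pair it with each handle).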
I recently had some confusion about individualization. I eventually figured things out, but I think it should be made clear that: