Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-distinctive Permanent Identifiers may be exposed to the application or origin #308

Closed
ddorwin opened this issue Aug 30, 2016 · 1 comment
Closed

Non-distinctive Permanent Identifiers may be exposed to the application or origin #308

ddorwin opened this issue Aug 30, 2016 · 1 comment
Assignees
@ddorwin
Milestone
V1NonBlocking

Comments

@ddorwin
Copy link
Contributor

ddorwin commented Aug 30, 2016

The NOTE in Use Per-Origin Per-Profile Identifiers currently [1] says:

Permanent Identifiers MUST NOT be exposed to the application or origin.

This statement includes all permanent identifiers, including values that are shared by, for example, all users of a specific device model [2] or platform. This is not the intent and would likely prohibit any implementation that does not use Distinctive Identifiers.

Looking at the the commit that added this text, it appears this statement was intended to address the exception for Permanent Identifiers being per-origin in the normative text. However, I believe this should have been Distinctive Permanent Identifiers.

The lack of requirements around non-distinctive Permanent Identifiers, that is Permanent Identifiers that are not Distinctive Permanent Identifiers, would seem to indicate there are not significant concerns about these, and, as mentioned above, they are essentially required for implementations that avoid using user-specific Distinctive Identifiers.

[1] This is just used as a possible example. The spec does not say whether such a model key is distinctive. The spec says, "A Distinctive Permanent Identifier is a Permanent Identifier that is not shared across a large population of users or client devices," but "large population" is not defined. This bug and example use here does not change that.
@ddorwin ddorwin added this to the V1NonBlocking milestone Aug 30, 2016
@ddorwin ddorwin self-assigned this Aug 30, 2016
ddorwin added a commit to ddorwin/encrypted-media that referenced this issue Aug 30, 2016
@ddorwin
Fix w3c#308: Non-distinctive Permanent Identifiers may be exposed to …
0411080 
…the application or origin
@ddorwin
Copy link
Contributor Author

ddorwin commented Aug 30, 2016

PR #308.

@ddorwin ddorwin closed this as completed in 92e707b Sep 6, 2016
jdsmith3000 added a commit to jdsmith3000/encrypted-media that referenced this issue Jun 8, 2017
@jdsmith3000
Fixed w3c#307 and w3c#308: Add CDM Constraints and move Definitions text
fba8986
jdsmith3000 added a commit that referenced this issue Jun 8, 2017
@jdsmith3000
Fix #407 and #408: Add CDM Constraints and move Definitions text (#411)
aac6ba7 
* Fixe #407 and #308: Add CDM Constraints and move Definitions text

* Fix #407 and #408: Add CDM Constraints and move Definitions text4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ddorwin ddorwin

Labels
None yet
Projects
None yet
Milestone
V1NonBlocking
Development

No branches or pull requests
1 participant
@ddorwin