Difference between revisions of "Persistent"
From MgmtWiki
(→Context) |
|||
Line 5: | Line 5: | ||
*An [[Identifier]]'s primary function is to create a label to which attributes can be attached. | *An [[Identifier]]'s primary function is to create a label to which attributes can be attached. | ||
*For an otherwise anonymous connection to enable attribute checking, like the [[User]]'s that are over 13, 18, or 21 years of age, some ephemeral [[Identifier]] is needed to ensure that any verified attribute cannot be reused in some other context. | *For an otherwise anonymous connection to enable attribute checking, like the [[User]]'s that are over 13, 18, or 21 years of age, some ephemeral [[Identifier]] is needed to ensure that any verified attribute cannot be reused in some other context. | ||
− | *Ephemeral [[Identifier]]s can be as simple as the [[User]]'s IP address, HTTPS session number or the [[Subject]] [[Identifier]] (sid) in an [[OpenID Connect]] session. | + | *[[Ephemeral]] [[Identifier]]s can be as simple as the [[User]]'s IP address, HTTPS session number or the [[Subject]] [[Identifier]] (sid) in an [[OpenID Connect]] session. |
==Problem== | ==Problem== |
Revision as of 05:48, 7 August 2018
Full Title or Meme
When an entity has a Persistent Identifier the assumption is that the Behavior of the entity will remain consistent over time.
Context
- An Identifier's primary function is to create a label to which attributes can be attached.
- For an otherwise anonymous connection to enable attribute checking, like the User's that are over 13, 18, or 21 years of age, some ephemeral Identifier is needed to ensure that any verified attribute cannot be reused in some other context.
- Ephemeral Identifiers can be as simple as the User's IP address, HTTPS session number or the Subject Identifier (sid) in an OpenID Connect session.
Problem
Many protocols, like OpenID Connect supply a Subject Identifier (sid) that is meant to reflect the same Subject over a period of time. Typically those protocols permit transitory binding of the Identifier to a real world entity. There appears to be no way to evaluate if the Identifier is meant to be Persistent from one connection to another other than the sort of Assurance that would destroy the pseudonymity.