Difference between revisions of "Ephemeral"

From MgmtWiki
Jump to: navigation, search
(Full Title or Meme)
(Problem)
Line 8: Line 8:
  
 
==Problem==
 
==Problem==
Many protocols, like [[OpenID Connect]] supply a [[Subject]] [[Identifier]] (sid) that is meant to reflect the same [[Subject]] over a period of time. Typically those protocols permit transitory binding of the [[Identifier]] to a real world entity. There appears to be no way to evaluate if the [[Identifier]] is meant to be [[Persistent]] from one connection to another other than the sort of [[Assurance]] that would destroy the pseudonymity.
+
The [[User]] is seldom given any [[Assurance]] of the actual characteristics of any [[Identifier]].
  
 
==References==
 
==References==

Revision as of 06:50, 7 August 2018

Full Title or Meme

When an entity has a Ephemeral Identifier the assumption is that it cannot be resused for a different session or used to track the User from one session to another.

Context

  • An Identifier's primary function is to create a label to which attributes can be attached.
  • For an otherwise anonymous connection to enable attribute checking, like the User's that are over 13, 18, or 21 years of age, some ephemeral Identifier is needed to ensure that any verified attribute cannot be reused in some other context.
  • Ephemeral Identifiers can be as simple as the User's IP address, HTTPS session number or the Subject Identifier (sid) in an OpenID Connect session.

Problem

The User is seldom given any Assurance of the actual characteristics of any Identifier.

References