diff --git a/spec.bs b/spec.bs index 2d90412..0de8196 100644 --- a/spec.bs +++ b/spec.bs 
@@ -122,47 +122,28 @@ https://eprint.iacr.org/2020/072.pdf Background {#background} ======================== -The Private State Token API provides a mechanism for anonymous authentication. The -API provided by the user agent does not authenticate clients, instead it facilitates -transfer of authentication information. +The Private State Token API provides a mechanism for transfering limited amount +of information across sites. The API provided by the user agent is not the +source of the information, but the facilitator of the cross site transfer. The +API achieves this through use of Privacy Pass protocol described in +[[!PRIVACY-PASS-ARCHITECTURE]], [[!PRIVACY-PASS-AUTH-SCHEME]]. Private State +Tokens API depends on a joint Attester/Issuer deployment. -Authentication of the clients and token signing are both carried by the same -entity referred to as the **issuer**. This is the joint attester and issuer -architecture described in [[!PRIVACY-PASS-ARCHITECTURE]], -[[!PRIVACY-PASS-AUTH-SCHEME]]. - -User agents store tokens in persistent storage. Navigated origins might fetch/spend -tokens in first party contexts or include third party code that fetch/spend -tokens. Spending tokens is called **redeeming**. +User agents store tokens in persistent storage. Navigated origins might +fetch/spend tokens in first party contexts or include third party code that +fetch/spend tokens. Spending tokens is called **redeeming**. Origins may ask the user agent to fetch tokens from the issuers of their choice. Tokens can be redeemed from a different origin than the fetching one. -Private State Tokens API performs cross site anonymous authentication without -using linkable state carrying cookies [[RFC6265]]. Cookies do provide cross -site authentication, however, they fail to provide anonymity. - -Cookies store large amounts of information. [[RFC6265]] requires at least 4096 -bytes per cookie and 50 cookies per domain. 
This means an origin has -50 x 4096 x 2^8 unique identifiers at its disposal. When backed with back end -databases, a server can store arbitrary data for that many unique -users/sessions. - -Compared to a cookie, the amount of data stored in a Private State Token is very -limited. A token stores a value from a set of six values (think of a value of -an enum type of six possible values). Hence a token stores data between 2 and 3 -bits (4 < 6 < 8). This is very small compared to 4096 bytes a cookie can store. - -Moreover, Private State Tokens API use cryptographic protocols that prevents -origins from tracking which tokens they issue to which user. When presented with -their tokens, issuers can verify they issued them but cannot link the -tokens to the context of their issuance. Cookies do not have this property. - -Unlike cookies, storing multiple tokens from an issuer does not deteriorate -privacy of the user due to the unlinkability of the tokens. The Private -State Token API allows at most 2 different issuers in a top level origin. This -is to limit the information stored for a user when the issuers are -collaborating. +Privacy Pass protocol is designed to prevent issuers from tracking which tokens +they issued to which user agent. When presented with their tokens, issuers can +verify they issued them but cannot link the tokens to the context of their +issuance. Private State Token API retains this unlinkability property. + +The Private State Token API allows at most 2 different issuers for a given top +level origin. This is to limit the availability of cross site information in +case issuers are collaborating. Private State Token operations rely on [[!FETCH]]. A fetch request corresponding to a specific Private State Token operation can be created and used as a parameter to the
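Review bot: the new Background paragraph has wording errors that will ship into the rendered spec: "transfering limited amount of information" should read "transferring a limited amount of information", "through use of Privacy Pass protocol" wants an article ("the Privacy Pass protocol"), and the name is spelled both "Private State Tokens API" (in "Private State Tokens API depends on a joint Attester/Issuer deployment") and "Private State Token API" (in "The Private State Token API provides", "Private State Token API retains", "The Private State Token API allows") within the same hunk. Separately, the removed lines explained what the joint architecture means ("Authentication of the clients and token signing are both carried by the same entity referred to as the **issuer**"), and the replacement keeps only "depends on a joint Attester/Issuer deployment" with no definition of issuer, which is later relied on by "fetch tokens from the issuers of their choice"; consider retaining a clause such as "in which the same entity, the **issuer**, both attests clients and signs tokens". The removal of the cookie comparison and the 2-3 bit capacity statement is fine as a scoping change, but the new "limited amount of information" claim is now unquantified anywhere in this section, so a pointer to wherever the spec states the per-token capacity would help readers.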