  1. Identity Provider
  2. IDP-616

lack of active changes to consent causes premature expiry and re-prompting

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0
    • Component/s: Attribute Consent
    • Labels:
      None

      Description

      The consent data is re-wrapped (and thus re-expressed using the current data sealer private key) only when that data changes. This produces the counter-intuitive result that if you select the "only re-prompt when data changes" option, the consent data will never be re-wrapped once you have taken that option with every site you use. This in turn means that the consent cookie will eventually be expressed using a private key that the IdP no longer possesses, and thus expire; this will trigger re-prompting for every site you had previously said you didn't want to be re-prompted about.

      I think reducing user surprise is going to involve re-wrapping the consent data whenever the data sealer key changes, even if the wrapped data has not changed.

              People

              Assignee:
              cantor.2@osu.edu Scott Cantor
              Reporter:
              ian@iay.org.uk Ian Young
              Watchers:
              3

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 1d 6h 15m
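
The failure mode in the description, modelled as an added example (not code from the IdP or from this issue): a consent cookie that is only re-wrapped when its data changes outlives the key it was sealed under, while re-wrapping whenever the current key differs avoids the re-prompt. Assumptions: the keyring retains the newest three key versions, an HMAC tag stands in for the real sealer's encryption, the user logs in once per rotation, and `KeyRing`, `visit` and `simulate` are hypothetical names.

```python
import hashlib, hmac, os

class KeyRing:
    """Rotating sealer keys; only the newest `retain` versions are kept (assumed policy)."""
    def __init__(self, retain=3):
        self.retain, self.version, self.keys = retain, 0, {}
        self.rotate()

    def rotate(self):
        self.version += 1
        self.keys[self.version] = os.urandom(32)
        for old in [v for v in self.keys if v <= self.version - self.retain]:
            del self.keys[old]

def wrap(ring, data):
    # HMAC tag stands in for the real sealer's authenticated encryption.
    tag = hmac.new(ring.keys[ring.version], data, hashlib.sha256).hexdigest()
    return (ring.version, tag, data)

def unwrap(ring, cookie):
    version, tag, data = cookie
    key = ring.keys.get(version)
    if key is None:
        return None  # sealed under a key the IdP no longer holds
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return data if hmac.compare_digest(tag, expected) else None

def visit(ring, cookie, new_data, rewrap_on_key_change):
    """One login: returns (cookie, prompted)."""
    stored = unwrap(ring, cookie) if cookie else None
    if stored is None:
        return wrap(ring, new_data), True   # consent unreadable: prompt again
    if stored != new_data:
        return wrap(ring, new_data), True   # data changed: prompt and re-wrap
    if rewrap_on_key_change and cookie[0] != ring.version:
        return wrap(ring, stored), False    # silent re-wrap under the current key
    return cookie, False                    # unchanged data: cookie left as-is

def simulate(rewrap_on_key_change, rotations=5):
    ring = KeyRing(retain=3)
    data = b"sp=https://sp.example.org;attrs=mail,eppn"  # constructed consent record
    cookie, _ = visit(ring, None, data, rewrap_on_key_change)  # initial consent
    prompts = 0
    for _ in range(rotations):
        ring.rotate()
        cookie, prompted = visit(ring, cookie, data, rewrap_on_key_change)
        prompts += prompted
    return prompts
```

`simulate(False)` counts the unexpected re-prompts under the behaviour the issue reports; `simulate(True)` applies the re-wrap-on-key-change approach proposed in the description.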