-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enforcement against formation of large sets #29
Comments
Since there will be communication within a set, Privacy Budget limits will have to apply to the entire set. Whether or not that is effective counterpressure to forming large sets can reasonably debated of course. |
Indeed. Edited the original post to reflect this. |
@krgovind the size of the allowed set is of significant interest to established corporations like Microsoft, who have ~300 domains in use for our applications that we'd need to put in a single set. Is there a plan to place a hard upper limit on the set size? Happy to open this as a separate issue. |
Hundreds of domains in a set has clear abuse potential. There should be some sort of limit. |
Agreed - there will always be tension with forcing changes and improving privacy. We can pick winners amongst our apps if need be. Understanding if the limit is 3 (non-starter for us, 3 barely covers our login pages) or 20, or 50, is a good starting point that we can use to drive domain convergence. |
@hpsin: Could you elaborate on whether all ~300 domains would need to be in the same set?
Note that a single organization would have the ability to form multiple sets. For instance you could divide up your domains based on how users interact across them. |
Generally yes - they are all "top level" products that a user would interact with and expect to see SSO between them. We could look at reducing this to perhaps 100 domains once we strip out CDNs, back-end sites, sites that don't require cookie auth, etc - at which point it does not accurately capture the set of domains we own. No matter how we divide up the domains, all of them overlap on our login domain (thus breaking the "one set per domain" rule). We could use (and plan to use) partitioning for some domains (think the spellcheck plugin for a word processor) with some significant updates to the auth model, which may reduce our count down to 75. |
I think this was solved through the subsets design and particularly limiting the number of "associated" subset members. There's still an open question whether the new design is able to solve all use cases properly (#96) but for now I'd say that in general the design is effective in preventing (non-contextual) large set formation. |
To aid user understanding, and prevent abuse, it is desirable to prevent the formation of excessively large sets. What are some ways to prevent or disincentivize formation of large sets?
Could we apply counterpressure against formation of large sets by applyingentropy limits (e.g. Privacy Budget ) will be applied per set, instead of per domain. Can these be an effective counterpressure?The text was updated successfully, but these errors were encountered: