Changes between Initial Version and Version 1 of CrossProjectUserId


Ignore:
Timestamp:
Aug 7, 2014, 1:12:25 PM (10 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CrossProjectUserId

    v1 v1  
     1= Cross-project user identification =
     2
     3Accounts on different projects are considered equivalent
     4if they have the same email address
     5(we have considered other concepts, but they all lead to extreme complexity).
     6
     7Email addresses must be kept private,
     8so projects can't export them in statistics files;
     9It's also not desirable to export hashed email addresses,
     10because spammers could enumerate feasible email addresses
     11and compare them with the hashed addresses.
     12
     13Instead, BOINC uses the following system:
     14
     15 * Each account is assigned an 'internal cross-project identifier' (CPID) when it's created; it's a 32-char random string.
     16 * When a scheduling server replies to an RPC, it includes the account's CPID,
     17  its email address hash, and its creation time.
     18  These are stored in the client state file.
     19 * When the BOINC client makes an RPC request to a scheduling server,
     20  it scans the accounts with the same email address,
     21  finds the one with the earliest creation time,
     22  and sends the CPID stored with that account.
     23 * If the scheduling server receives a CPID different
     24  from the one in its database, it updates the database with the new CPID.
     25 * User elements in the XML download files include a hash of (email address, CPID);
     26  this 'external' CPID serves as a unique identifier of all
     27  accounts with that email address.
     28  (The last step, hashing with the email address,
     29  prevents people from impersonating other people).
     30
     31This system provides cross-project identification based on email address,
     32without publicizing information from which email addresses could be derived.