From e51081341b1d405154f4434c77361656178e3dd7 Mon Sep 17 00:00:00 2001
From: Nicolas Chavez <nickchavez@google.com>
Date: Fri, 25 Feb 2022 13:15:10 -0500
Subject: [PATCH] Add guidance for cryptographically secure session ids.

---
 index.bs   |  4 +++-
 index.html | 50 +++++++++++++++++++++++++-------------------------
 2 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/index.bs b/index.bs
index 70fd9d1..0b59247 100644
--- a/index.bs
+++ b/index.bs
@@ -2547,7 +2547,9 @@ In JavaScript, `JSON.stringify()` performs serialization; `JSON.parse()` - deser
 
 The media player may manage several ads that are in different phases of their lifespans; multiple concurrent sessions may be active. For example, while the player is rendering ad-A, it preloads and engages ad-B. Simultaneous two-way communication between the player and both ads persists. 
 
-Each session has a unique identifier. All messages that belong to a specific session must reference the same session id. 
+Each session has a unique identifier. All messages that belong to a specific session must reference the same session id. The session id must be cryptographically safe to prevent brute force attacks that would try to guess the session id and spoof as the creative or player.
+
+Note: A robust implementation like `window.crypto.getRandomValues` or `window.crypto.randomUUID` is recommended.
 
 ### Establishing a New Session ### {#protocol-establish-session}
 
diff --git a/index.html b/index.html
index 0d68495..b5fbdd7 100644
--- a/index.html
+++ b/index.html
@@ -1489,7 +1489,6 @@
 </style>
   <meta content="Bikeshed version 2e3c4c68b, updated Fri Jan 14 14:49:00 2022 -0800" name="generator">
   <link href="https://interactiveadvertisingbureau.github.io/SIMID/" rel="canonical">
-  <meta content="a90c5bde6ec06784d95273c7c2c1c544e7b68c4e" name="document-revision">
 <style>
 
 	body {
@@ -2424,8 +2423,8 @@
  <body class="h-entry">
   <div class="head">
    <p data-fill-with="logo"></p>
-   <h1 class="p-name no-ref" id="title">Secure Interactive Media Interface Definition (SIMID) <br><img alt="IAB Tech Lab" height="73" src="images/IABTechLabLogo.jpg" width="100"></h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="profile-and-date"><span class="content">Living Standard, <time class="dt-updated" datetime="2022-02-23">23 February 2022</time></span></h2>
+   <h1 class="p-name no-ref" id="title">Secure Interactive Media Interface Definition (SIMID) <br><img alt="IAB Tech Lab" src="images/IABTechLabLogo.jpg"></h1>
+   <h2 class="no-num no-toc no-ref heading settled" id="profile-and-date"><span class="content">Living Standard, <time class="dt-updated" datetime="2022-02-25">25 February 2022</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -2444,7 +2443,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="profile-and-date"><span cla
    <div data-fill-with="warning"></div>
    <p class="copyright" data-fill-with="copyright"><a href="http://creativecommons.org/publicdomain/zero/1.0/" rel="license"><img alt="CC0" height="15" src="https://licensebuttons.net/p/zero/1.0/80x15.png" width="80"></a> To the extent possible under law, the editors have waived all copyright
 and related or neighboring rights to this work.
-In addition, as of 23 February 2022,
+In addition, as of 25 February 2022,
 the editors have made this specification available under the <a href="http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0" rel="license">Open Web Foundation Agreement Version 1.0</a>,
 which is available at http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0.
 Parts of this work may be from another specification document.  If so, those parts are instead covered by the license of that specification document. </p>
@@ -2735,7 +2734,7 @@ <h2 class="heading settled" data-level="2" id="exec-summary"><span class="secno"
 degrading gracefully if certain features are not supported.</p>
    <div diagram id="diagram-simid-overlay">
     <p>SIMID ads sandboxing from the publisher player environment</p>
-     <img alt="Normal Creative Initilaizatioin Sequence" height="450" src="images/simid_diagram_1_overlay.png" width="800"> 
+     <img alt="Normal Creative Initilaizatioin Sequence" src="images/simid_diagram_1_overlay.png"> 
    </div>
    <p>A diagram showing SIMID ads sandboxed from the publisher player environment</p>
    <p>SIMID is part of a broader effort to replace the older VPAID standard (more details in <a href="http://bit.ly/videoAdVision">this blog post</a> by the IAB Tech Lab). While
@@ -2748,7 +2747,7 @@ <h2 class="heading settled" data-level="2" id="exec-summary"><span class="secno"
    <h3 class="heading settled" data-level="2.1" id="simid-vs-vpaid"><span class="secno">2.1. </span><span class="content">SIMID vs. VPAID Comparison</span><a class="self-link" href="#simid-vs-vpaid"></a></h3>
    <div diagram id="diagram-simid-api-models">
     <p>VPAID vs. SIMID APIs</p>
-     <img alt="Normal Creative Initilaizatioin Sequence" height="340" src="images/simid_diagram_2_api_models.png" style="margin-left: -10px;" width="800"> 
+     <img alt="Normal Creative Initilaizatioin Sequence" src="images/simid_diagram_2_api_models.png" style="margin-left: -10px;"> 
    </div>
    <p id="simid-vs-vapid" table-header>SIMID vs. VPAID Comparison.</p>
    <table class="alternatecolor">
@@ -2844,7 +2843,7 @@ <h2 class="heading settled" data-level="3" id="intro"><span class="secno">3. </s
    <h3 class="heading settled" data-level="3.1" id="simid-interactive-creative-nature"><span class="secno">3.1. </span><span class="content">SIMID Interactive Creative Nature</span><a class="self-link" href="#simid-interactive-creative-nature"></a></h3>
    <div diagram id="diagram-simid-api-models①">
     <p>SIMID Assets loading</p>
-     <img alt="SIMID Interactive Creative Nature" height="400" src="images/simid_diagram_3_assets.png" style="margin-left: -10px;" width="800"> 
+     <img alt="SIMID Interactive Creative Nature" src="images/simid_diagram_3_assets.png" style="margin-left: -10px;"> 
    </div>
    <p>A SIMID creative can be included in a VAST document by way of an <code>&lt;InteractiveCreativeFile></code> element. The text within this element must be a url which returns an HTML document.
 When loaded into an iframe by a media player, this HTML document will define the SIMID creative’s content, and will direct the web browser or host application to load any additional assets
@@ -2870,7 +2869,7 @@ <h3 class="heading settled" data-level="3.2" id="video-ad-flow"><span class="sec
 The media player obtains urls for both files from a VAST document, loads the files, assembles them into a single ad unit, and ensures a cohesive ad experience.</p>
    <div diagram id="diagram-simid-api-models②">
     <p>SIMID creative loading and presentation process.</p>
-     <img alt="SIMID creative loading and presentation process." height="1150" src="images/simid_diagram_4_loading.png" style="margin-left: -10px;" width="800"> 
+     <img alt="SIMID creative loading and presentation process." src="images/simid_diagram_4_loading.png" style="margin-left: -10px;"> 
    </div>
    <h3 class="heading settled" data-level="3.3" id="player-creative-communication"><span class="secno">3.3. </span><span class="content">Player and Creative Communication</span><a class="self-link" href="#player-creative-communication"></a></h3>
    <p>A media player and a SIMID creative communicate by sending serialized messages back and forth to each other.</p>
@@ -2904,7 +2903,7 @@ <h3 class="heading settled" data-level="3.5" id="nonlinear-intro"><span class="s
    <p>SIMID supports nonlinear ads by providing a nonlinear specific API. Both linear and nonlinear ads share the same communication protocol and data providers. As with linear ads, the interactive creative is a single resource that the player loads into a cross-origin iframe.</p>
    <div diagram id="diagram-nonlinear-user-experience">
     <p>Nonlinear Ad User Experience</p>
-     <img alt="Nonlinear state." height="512" src="images/nonlinear-user-experience.png" width="714"> 
+     <img alt="Nonlinear state." src="images/nonlinear-user-experience.png"> 
     <ol dgrm-details>
      <li>
       User clicks on expand button. The player pauses content and expands the creative. 
@@ -3749,7 +3748,7 @@ <h4 class="heading settled" data-level="4.4.1" id="simid-creative-clickThru"><sp
    </dl>
    <div diagram id="diagram-creative-clickThru">
     <p>Creative:clickThru Handling</p>
-     <img alt="Creative clickThru flow." height="470" src="images/dgrm-Creative-clickThru.png" width="714"> 
+     <img alt="Creative clickThru flow." src="images/dgrm-Creative-clickThru.png"> 
     <ol dgrm-details>
      <li>User clicks on clickthrough button.
      <li>Creative sets <code>playerHandles = true</code> and posts <a href="#simid-creative-clickThru">§ 4.4.1 SIMID:Creative:clickThru</a> message.
@@ -3776,7 +3775,7 @@ <h4 class="heading settled" data-level="4.4.2" id="simid-creative-collapseNonlin
     When the creative is ready to collapse, it posts a <code>Creative:collapseNonlinear</code> message. In response to <code>collapseNonlinear</code>, the player resizes the ad to its original state and resumes the content media playback. 
    <div diagram id="diagram-creative-collapseNonlinear">
     <p>Creative:collapseNonlinear Handling</p>
-     <img alt="Creative collapseNonlinear flow." height="560" src="images/dgrm-Creative-collapseNonlinear.png" width="714"> 
+     <img alt="Creative collapseNonlinear flow." src="images/dgrm-Creative-collapseNonlinear.png"> 
     <ol dgrm-details>
      <li>User clicks on collapse button.
      <li>Creative posts <a href="#simid-creative-collapseNonlinear">§ 4.4.2 SIMID:Creative:collapseNonlinear</a> message.
@@ -3793,7 +3792,7 @@ <h4 class="heading settled" data-level="4.4.3" id="simid-creative-expandNonlinea
    <p>If the player communicates to the creative that it has no capacity to expand the ad with <a href="#simid-player-init">§ 4.3.7 SIMID:Player:init</a> message, the creative does not provide an expand button or post the <code>Creaitve:expandNonlinear</code> message.</p>
    <div diagram id="diagram-creative-expandNonlinear">
     <p>Creative:expandNonlinear Handling</p>
-     <img alt="Creative expandNonlinear flow." height="580" src="images/dgrm-Creative-expandNonlinear.png" width="714"> 
+     <img alt="Creative expandNonlinear flow." src="images/dgrm-Creative-expandNonlinear.png"> 
     <ol dgrm-details>
      <li>User clicks on expand button.
      <li>Creative posts <a href="#simid-creative-expandNonlinear">§ 4.4.3 SIMID:Creative:expandNonlinear</a> message.
@@ -3993,7 +3992,7 @@ <h4 class="heading settled" data-level="4.4.12" id="simid-creative-requestNaviga
    </dl>
    <div diagram id="diagram-creative-requestNavigation">
     <p>Creative:requestNavigation Handling</p>
-     <img alt="SIMID Request Navigation." height="764" src="images/dgrm-Creative-requestNavigation.png" width="854"> 
+     <img alt="SIMID Request Navigation." src="images/dgrm-Creative-requestNavigation.png"> 
     <ol dgrm-details>
      <li>User clicks on navigation button.
      <li>Creative posts <code>requestNavigation</code> message.
@@ -4122,7 +4121,7 @@ <h3 class="heading settled" data-level="6.1" id="workflow-ad-loading"><span clas
    </ol>
    <div diagram id="diagram-simid-initialization">
     <p>SIMID Loading and Initialization</p>
-     <img alt="SIMID Initialization." height="1428" src="images/dgrm-simid-initialization.png" width="743"> 
+     <img alt="SIMID Initialization." src="images/dgrm-simid-initialization.png"> 
     <ol dgrm-details>
      <li>Player starts listening to <code>message</code> event on the window.
      <li>
@@ -4166,7 +4165,7 @@ <h3 class="heading settled" data-level="6.2" id="workflow-initialization"><span
    <p>After the player gets a resolve message <a href="#diagram-player-init-normal">Normal Ad Initilaizatioin Sequence</a>, <span step><b>4</b></span>, it initializes media playback at its discretion <span step><b>5</b></span>. Once media rendering begins <span step><b>6</b></span>, the player reports impression <span step><b>7</b></span> and posts <a href="#simid-player-startCreative">§ 4.3.10 SIMID:Player:startCreative</a> <span step><b>8</b></span>.</p>
    <div diagram id="diagram-player-init-normal">
     <p>Normal Ad Initilaization Sequence</p>
-     <img alt="Normal Ad Initilaizatioin Sequence" height="740" src="images/dgrm-init-normal.png" width="714"> 
+     <img alt="Normal Ad Initilaizatioin Sequence" src="images/dgrm-init-normal.png"> 
     <ol dgrm-details>
      <li>Creative initializes the session.
      <li>Player posts <code>Player:init</code> message immediately upon session creation.
@@ -4181,7 +4180,7 @@ <h3 class="heading settled" data-level="6.2" id="workflow-initialization"><span
    <h3 class="heading settled" data-level="6.3" id="workflow-startCreative"><span class="secno">6.3. </span><span class="content">Typical Start Creative WorkFlow</span><a class="self-link" href="#workflow-startCreative"></a></h3>
    <div diagram id="diagram-player-startcreative">
     <p>Normal <code>Player:startCreative</code> Sequence</p>
-     <img alt="startCreative normal sequence." height="414" src="images/dgrm-startCreative-normal.png" width="672"> 
+     <img alt="startCreative normal sequence." src="images/dgrm-startCreative-normal.png"> 
     <ol dgrm-details>
      <li>Media playback begins.
      <li>Player posts <code>Player:startCreative</code>.
@@ -4194,7 +4193,7 @@ <h3 class="heading settled" data-level="6.4" id="workflow-uninterupted-initializ
    <p>In these situations, the player keeps the iframe invisible and refrains from posting messages to the creative until it responds to the <code>Player:init</code> with a <code>resolve</code> message.</p>
    <div diagram id="diagram-player-init-special">
     <p>Special Creative Initialization Cases</p>
-     <img alt="Creative initialization special cases sequence" height="483" src="images/dgrm-init-special.png" width="682"> 
+     <img alt="Creative initialization special cases sequence" src="images/dgrm-init-special.png"> 
     <ol dgrm-details>
      <li>Player initializes ad media playback.
      <li>Player posts <code>Player:init</code> message after ad media playback started.
@@ -4210,7 +4209,7 @@ <h3 class="heading settled" data-level="6.5" id="workflow-delayed-init-resolve">
    <p>If the interactive creative does not resume communication by the playback end, the player must report the VAST error tracker (if available) with the code 1212. See <a href="#diagram-player-init-resolve-timeout">Player:init resolve</a> <span step><b>5</b></span>).</p>
    <div diagram id="diagram-player-init-resolve-timeout">
     <p><code>Player:init resolve</code> delay</p>
-     <img alt="Player:init resolve delay" height="695" src="images/dgrm-init-resolve-delay.png" width="714"> 
+     <img alt="Player:init resolve delay" src="images/dgrm-init-resolve-delay.png"> 
     <ol dgrm-details>
      <li>Player posts <code>Player:init</code> message and establishes a timeout.
      <li>Player starts ad media playback upon timeout expiration.
@@ -4224,7 +4223,7 @@ <h3 class="heading settled" data-level="6.6" id="workflow-reject-initialization"
    <p>The creative may respond with a <code>reject</code> based on its internal logic. In response to <code>reject</code>, the player proceeds with the ad media playback. The player may unload the iframe. The player reports VAST error trackers with the <code>errorCode</code> specified by the creative.</p>
    <div diagram id="diagram-player-init-reject">
     <p><code>Player:init reject</code> Sequence</p>
-     <img alt="Player:init reject sequence." height="659" src="images/dgrm-init-reject.png" width="618"> 
+     <img alt="Player:init reject sequence." src="images/dgrm-init-reject.png"> 
     <ol dgrm-details>
      <li>Player posts <code>Player:init</code> message.
      <li>Creative responds with a <code>reject</code>.
@@ -4312,7 +4311,7 @@ <h4 class="heading settled" data-level="6.9.2" id="workflow-creative-skips"><spa
    </p>
    <div diagram id="diagram-requestSkip">
     <p><code>Creative:requestSkip</code> Sequence</p>
-     <img alt="Creative:requestSkip sequence." height="554" src="images/dgrm-requestSkip.png" width="748"> 
+     <img alt="Creative:requestSkip sequence." src="images/dgrm-requestSkip.png"> 
     <ol dgrm-details>
      <li>Creative posts <code>Creative:requestSkip</code> message.
      <li>Player hides the SIMID iframe.
@@ -4374,7 +4373,7 @@ <h4 class="heading settled" data-level="6.9.6" id="workflow-request-stop"><span
    <p>In the event the interactive component disregards or fails to accommodate player’s ability to resolve <code>requestStop</code>, the iframe remains visible and the player continues sending <code>SIMID:Media</code> and <code>SIMID:Player</code> messages. The creative should maintain communication with the player. See <a href="#simid-creative-requestStop-reject">§ 4.4.17.2 reject</a>.</p>
    <div diagram id="diagram-requestStop">
     <p><code>Creative:requestStop</code> Sequence</p>
-     <img alt="Creative:requestStop sequence." height="554" src="images/dgrm-requestStop.png" width="748"> 
+     <img alt="Creative:requestStop sequence." src="images/dgrm-requestStop.png"> 
     <ol dgrm-details>
      <li>Creative posts <code>Creative:requestStop</code> message.
      <li>Player hides the SIMID iframe.
@@ -4402,7 +4401,7 @@ <h4 class="heading settled" data-level="6.10.1" id="workflow-extend"><span class
    <h4 class="heading settled" data-level="6.10.2" id="workflow-ad-duartion-changed-known"><span class="secno">6.10.2. </span><span class="content">Ad Duration Changed Workflow - Known Time</span><a class="self-link" href="#workflow-ad-duartion-changed-known"></a></h4>
    <div diagram id="diagram-durationchange-known">
     <p>Known Ad Duration Change Sequence</p>
-     <img alt="requestChangeAdDuration known duration change handling." height="601" src="images/dgrm-requestChangeAdDuration-known.png" width="770"> 
+     <img alt="requestChangeAdDuration known duration change handling." src="images/dgrm-requestChangeAdDuration-known.png"> 
     <ol dgrm-details>
      <li>Player starts countdown. Countdown depends on the media progress.
      <li>Creative posts <code>requestChangeAdDuration</code> with the <code>duration</code> value greater than zero.
@@ -4415,7 +4414,7 @@ <h4 class="heading settled" data-level="6.10.2" id="workflow-ad-duartion-changed
    <h4 class="heading settled" data-level="6.10.3" id="workflow-ad-duartion-changed-unknown"><span class="secno">6.10.3. </span><span class="content">Ad Duration Changed Workflow - Unknown Time</span><a class="self-link" href="#workflow-ad-duartion-changed-unknown"></a></h4>
    <div diagram id="diagram-durationchange-unknown">
     <p>Unknown Ad Duration Change Sequence</p>
-     <img alt="requestChangeAdDuration unknown duration change handling." height="475" src="images/dgrm-requestChangeAdDuration-unknown.png" width="645"> 
+     <img alt="requestChangeAdDuration unknown duration change handling." src="images/dgrm-requestChangeAdDuration-unknown.png"> 
     <ol dgrm-details>
      <li>Player starts countdown. Countdown depends on the media progress.
      <li>Creative posts <code>requestChangeAdDuration</code> with the <code>duration</code> value <code>-2</code>.
@@ -4555,7 +4554,8 @@ <h4 class="heading settled" data-level="8.3.2" id="message-serialization"><span
    <p>In JavaScript, <code>JSON.stringify()</code> performs serialization; <code>JSON.parse()</code> - deserialization.</p>
    <h3 class="heading settled" data-level="8.4" id="protocol-session-layer"><span class="secno">8.4. </span><span class="content">Session Layer</span><a class="self-link" href="#protocol-session-layer"></a></h3>
    <p>The media player may manage several ads that are in different phases of their lifespans; multiple concurrent sessions may be active. For example, while the player is rendering ad-A, it preloads and engages ad-B. Simultaneous two-way communication between the player and both ads persists.</p>
-   <p>Each session has a unique identifier. All messages that belong to a specific session must reference the same session id.</p>
+   <p>Each session has a unique identifier. All messages that belong to a specific session must reference the same session id. The session id must be cryptographically safe to prevent brute force attacks that would try to guess the session id and spoof as the creative or player.</p>
+   <p class="note" role="note"><span>Note:</span> A robust implementation like <code>window.crypto.getRandomValues</code> or <code>window.crypto.randomUUID</code> is recommended.</p>
    <h4 class="heading settled" data-level="8.4.1" id="protocol-establish-session"><span class="secno">8.4.1. </span><span class="content">Establishing a New Session</span><a class="self-link" href="#protocol-establish-session"></a></h4>
    <p>SIMID delegates the session initialization to the creative overlay. The creative generates a unique session id and posts the first session message with the <code>Message.type createSession</code>. By posting the <code>createSession</code> message, the creative acknowledges its readiness to receive messages from the player.</p>
    <p class="note" role="note"><span>Note:</span> There is no expectation for the interactive component to be entirely able to participate in ad rendering at the time the creative signals <code>createSession</code> message. Full creative initialization may occur at later stages when the player provides complete data - see <a href="#simid-player-init">§ 4.3.7 SIMID:Player:init</a>.</p>
@@ -4576,7 +4576,7 @@ <h4 class="heading settled" data-level="8.4.1" id="protocol-establish-session"><
    <p>The player responds to <code>createSession</code> with a <code>resolve</code> message.</p>
    <div diagram id="diagram-durationchange-unknown①">
     <p>Typical Session Initialization Sequence</p>
-     <img alt="Typical session initialization." height="605" src="images/dgrm-session-init-sequence.png" width="647"> 
+     <img alt="Typical session initialization." src="images/dgrm-session-init-sequence.png"> 
     <ol dgrm-details>
      <li>The player starts a <code>createSession</code> message timeout.
      <li>The player loads creative.