Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

[Sam Hartman <hartmans@painless-security.com>]

>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes:

    David> Section 1.  i) Data Minimization and User Participation:
    David> "There is currently no direct client participation in this
    David> decision." (i.e. release of identity attributes). We should
    David> say at this juncture that this is a major deficiency in
    David> existing federated systems, since the user does not have full
    David> consent or control over which of his identity attributes are
    David> released. This should be fixed in Abfab

I do not support this change.

There are some cases where this is a major deficiency, but it's not
entirely clear whether fixing this at the ABFAB layer is the right
approach.

I'd argue that trying to fix the concent problem in a general manner at
the federation layer may have done more harm over the years than the
privacy problem that is trying to be addressed.


    David> iii) I dont buy into your whiteboard example of single entity
    David> authentication, because a hacked whiteboard could trick the
    David> user into opening the wrong file, which could be disasterous
    David> during an important business meeting. SO mutual
    David> authentication is needed here as well. If you want an example
    David> where mutual authentication is not important, its one where
    David> either the information being accessed is of very little value
    David> to the accessor so that it does not matter if it is erroneous
    David> information or not, or one where it does not matter who the
    David> accessor is i.e. its public information.

Most of the tools I'm familiar with for screen sharing etc would not
allow the white board to pick the presentation/file.
I'd support adding a comment that you don't want to run UI on the white
board, but no I think I completely disagree with your proposed
constraints on when this is useful.

--Sam