Re: [apps-discuss] What auth server supplies email addresses? Was webfinger discussion

Alessandro Vesely <vesely@tana.it> Fri, 30 March 2012 09:30 UTC

Return-Path: <vesely@tana.it>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B2ED21F8644 for <apps-discuss@ietfa.amsl.com>; Fri, 30 Mar 2012 02:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.719
X-Spam-Level:
X-Spam-Status: No, score=-4.719 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V1qbywKPj5U5 for <apps-discuss@ietfa.amsl.com>; Fri, 30 Mar 2012 02:30:56 -0700 (PDT)
Received: from wmail.tana.it (www.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 85C0821F88CE for <apps-discuss@ietf.org>; Fri, 30 Mar 2012 02:30:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=test; t=1333099854; bh=yfgJmADKS3cbhPCy01raexzvRnNUmhHsC7dJBBGYhqQ=; l=1766; h=Message-ID:Date:From:MIME-Version:To:CC:References:In-Reply-To: Content-Transfer-Encoding; b=Yek8FknrDBQTLXuao1PrQj4bpDnIAZJl3Y9dC+HPX8pgetIPAJMw/o9lF7FhWKz19 T0wtOqjFqRLP3KjB/LZ4LPnpVv93dMsfbSoaqQdP5Qb09nOTuPvliJAfIEnt/4vLFM tftk2zvsiGJGtC2FGKYDeV7ul0x6Lw0UWAN4p1ow=
Received: from [130.129.20.64] (dhcp-1440.meeting.ietf.org [130.129.20.64]) (AUTH: PLAIN 515, TLS: TLS1.0,256bits,RSA_AES_256_CBC_SHA1) by wmail.tana.it with ESMTPSA; Fri, 30 Mar 2012 11:30:54 +0200 id 00000000005DC035.000000004F757D4E.0000684A
Message-ID: <4F757D47.8060704@tana.it>
Date: Fri, 30 Mar 2012 11:30:47 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:11.0) Gecko/20120312 Thunderbird/11.0
MIME-Version: 1.0
To: "Paul E. Jones" <paulej@packetizer.com>
References: <053201cd0b5d$c08c80f0$41a582d0$@packetizer.com> <20120326150556.GC3557@mail.yitter.info> <CAA1s49V0M7N1pLua+ORxGWmsrd_yAA_KQ0Piqjg8VuWJ5=G+Lg@mail.gmail.com> <20120327084709.GB11491@mail.yitter.info> <00ac01cd0c34$cfc96f10$6f5c4d30$@packetizer.com> <CABP7RbdtMYtqgV=NepJMNintjF9hb4h6wv2ttc5bDVqE=yAvPA@mail.gmail.com> <00d201cd0c3a$b3672410$1a356c30$@packetizer.com> <CABP7Rbdcb_xTjLv+Y8brzvhuNiae0pOJKm-9qhHrQMg+xUYPVw@mail.gmail.com> <4F72F5C0.70106@tana.it> <024101cd0d30$06d70ac0$14852040$@packetizer.com> <4F744E1D.6080101@tana.it> <041d01cd0e3b$7d9d1bc0$78d75340$@packetizer.com>
In-Reply-To: <041d01cd0e3b$7d9d1bc0$78d75340$@packetizer.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: apps-discuss@ietf.org
Subject: Re: [apps-discuss] What auth server supplies email addresses? Was webfinger discussion
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 09:30:57 -0000

On Fri 30/Mar/2012 08:51:12 +0200 Paul E. Jones wrote:

> I still do not understand :-(
> 
> Can you elaborate for me a bit more?

I may be conflating webfinger, openid, browserid, webid, and some other
protocols of that sort.  At any rate, it was said that a functionality
relevant to some of those is to certify a generic claim, for example whether
someone is legally allowed to drive a lorry in France.  The user would
indicate the kind-of-claim (driving license) and a trusted certifier (the
French motoring authority) without revealing his/her identity.  The relying
party would then let the user log in at the certifier's site in order to
eventually obtain the certificate.

By the same logic, given that example.com should be universally trusted for
email addresses that end with "@example.com", its server would be able to
provide a certified, anonymous email address (opaque@example.com) to a shop,
on behalf of a customer who wishes to protect his/her main address.

>> -----Original Message-----
>> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
>> On Behalf Of Alessandro Vesely
>> Sent: Thursday, March 29, 2012 7:57 AM
>> To: apps-discuss@ietf.org
>> Subject: Re: [apps-discuss] What auth server supplies email addresses? Was
>> webfinger discussion
>>
>> On Thu 29/Mar/2012 13:55:12 +0200 Paul E. Jones wrote:
>>>
>>> Get an email address from what ID?  A Webfinger "acct" URI?
>>
>> In general, the opaque token would be kind-of-claim @ claim-provider
>>
>>>>
>>>> That implies the address is known.  Couldn't one use just
>>>>
>>>>    http://example.org/.well-known/finger/{opaque-token}
>>>>
>>>> and, possibly,
>>>>
>>>>    http://example.org/.well-known/finger/{opaque-token}/email-addr?
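
The sketch above (a provider certifying an opaque alias address on a user's behalf, and the opaque-token resource under /.well-known/finger/) as an added worked example; this is not code from the thread or from any of the protocols mentioned.  The provider domain, the HMAC-derived alias local-part, the random token, the claim document layout and the resolve/deliver operations are all assumptions made here for illustration.

```python
"""Identity provider that hands a shop a certified, opaque alias address on
behalf of a user, so the shop never learns the user's real address.

Added example, not code from the thread.  The token layout, the HMAC alias
construction and the modelled /.well-known/finger/{opaque-token}/email-addr
lookup are assumptions for illustration only."""

import base64
import hashlib
import hmac
import secrets


class AliasProvider:
    def __init__(self, domain, key=None):
        self.domain = domain                       # e.g. "example.com" (assumed)
        self.key = key or secrets.token_bytes(32)  # provider-side secret
        self._aliases = {}   # alias address -> real address (provider-only)
        self._tokens = {}    # opaque token -> claim document

    def _local_part(self, real_address, relying_party):
        # Deterministic per (user, relying party): the same shop always sees
        # the same alias, two shops see unlinkable aliases, and without the
        # key the local-part reveals nothing about the real address.
        msg = f"{real_address}\0{relying_party}".encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return base64.b32encode(digest[:10]).decode().lower()  # 16 chars, no '='

    def issue(self, real_address, relying_party):
        # The provider only certifies addresses in its own domain.
        if not real_address.endswith("@" + self.domain):
            raise ValueError("provider only certifies its own domain")
        alias = f"{self._local_part(real_address, relying_party)}@{self.domain}"
        self._aliases[alias] = real_address
        # The token the shop receives is random, not derived from the identity,
        # so it cannot be guessed or linked to the user by a third party.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {
            "kind": "email-addr",
            "provider": self.domain,
            "audience": relying_party,
            "value": alias,
        }
        return alias, token

    def resolve(self, token, relying_party):
        # Models GET /.well-known/finger/{opaque-token}/email-addr from the
        # shop: returns the certified alias, never the real address, and only
        # to the party the token was issued for.
        claim = self._tokens.get(token)
        if claim is None or claim["audience"] != relying_party:
            return None
        return claim

    def deliver(self, alias):
        # Mail the shop sends to the alias: only the provider can map it back.
        return self._aliases.get(alias)


if __name__ == "__main__":
    # Constructed sample run: Alice registers with two different shops.
    p = AliasProvider("example.com")
    alias_a, token_a = p.issue("alice@example.com", "shop-a.example")
    alias_b, token_b = p.issue("alice@example.com", "shop-b.example")
    print("shop-a sees", alias_a, "->", p.resolve(token_a, "shop-a.example"))
    print("shop-b sees", alias_b, "(unlinkable to shop-a's alias)")
    print("provider delivers", alias_a, "to", p.deliver(alias_a))
```

Two properties of the construction are worth noting: the alias is stable for one relying party but unlinkable across parties, which is what lets a user reuse it with the same shop while preventing shops from correlating customers; and the token handed to the shop is audience-bound, so a token leaked from one shop resolves to nothing at another.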