Re: [dix] Re: [Ietf-http-auth] More requirements

"RL 'Bob' Morgan" <rlmorgan@washington.edu> Fri, 14 July 2006 12:38 UTC

Date: Fri, 14 Jul 2006 08:38:55 -0400
From: RL 'Bob' Morgan <rlmorgan@washington.edu>
To: EKR <ekr@networkresonance.com>, Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] Re: [Ietf-http-auth] More requirements
Cc: IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>

>> 12. Single Site Unlinkability (SSU)
>> The user should be able to visit the same site multiple times without
>> the site being able to tell that it is the same user, even if the user
>> is, for example, asserting the same external claims each time. This
>> protects the user's privacy. Obviously if data provided by the user is
>> unique to that user (for example, age and address combined are often
>> sufficient to uniquely identify a person) then no amount of cleverness
>> can provide SSU, but SSU should be available to the extent permitted
>> by the uniqueness of the data provided.
>
> This is an interesting requirement and obviously of value, but
> it's worth noting that there are contexts in which linkability
> (CI) is precisely what's desired--blog comments, for example.
>
> So, you wouldn't want to design a system that always provided SSU. :)

I think many of the requirements (no, haven't made a list yet) have the 
assumption of "when appropriate", or "when desired", where "desired" is 
some combination of what the user wants and what the application wants or 
will permit.

  - RL "Bob"

