Re: [dix] More requirements
"Ben Laurie" <benl@google.com> Sat, 15 July 2006 14:05 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1kmB-0008CL-Ep; Sat, 15 Jul 2006 10:05:47 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1kmA-00087E-3J for dix@ietf.org; Sat, 15 Jul 2006 10:05:46 -0400
Received: from smtp-out.google.com ([216.239.45.12]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1km8-00068Q-Kd for dix@ietf.org; Sat, 15 Jul 2006 10:05:46 -0400
Received: from lois.corp.google.com (lois.corp.google.com [172.24.0.50]) by smtp-out.google.com with ESMTP id k6FE5fOi016175 for <dix@ietf.org>; Sat, 15 Jul 2006 07:05:41 -0700
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=received:message-id:date:from:to:subject:cc:in-reply-to: mime-version:content-type:content-transfer-encoding: content-disposition:references; b=VgcRtlJFVtqfXwe2w68oFW9AP2fYzB9MtLrdrt6+ghHjPCCoPgCsvK9WCvYiSZMCk LNRUHi75quUwuKTwuVqsw==
Received: from smtp-out2.google.com (fpe16.prod.google.com [10.253.5.16]) by lois.corp.google.com with ESMTP id k6FE5edp019898 for <dix@ietf.org>; Sat, 15 Jul 2006 07:05:40 -0700
Received: by smtp-out2.google.com with SMTP id 16so295337fpe for <dix@ietf.org>; Sat, 15 Jul 2006 07:05:40 -0700 (PDT)
Received: by 10.253.14.20 with SMTP id 20mr101227fpn; Sat, 15 Jul 2006 07:05:40 -0700 (PDT)
Received: by 10.253.14.2 with HTTP; Sat, 15 Jul 2006 07:05:40 -0700 (PDT)
Message-ID: <1b587cab0607150705o384f32bbo19c133560df7cbb1@mail.google.com>
Date: Sat, 15 Jul 2006 10:05:40 -0400
From: Ben Laurie <benl@google.com>
To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] More requirements
In-Reply-To: <9A93CC39-8708-4898-AC1E-1688761BA865@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <1b587cab0607131743g36c96314ta9b3a0a90aa871e0@mail.google.com> <9A93CC39-8708-4898-AC1E-1688761BA865@cisco.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org
On 7/15/06, Paul Gleichauf <pgleicha@cisco.com> wrote: > I have missed significant parts of this thread, but is there > assurance that these are in fact computationally feasible? > > There are cases where such guarantees are often found possible to > break in unanticipated ways. Recently the focus is on medical records > and the ability to identify a specific person in a large population > when an anonymization algorithm had been appropriately applied by > correlating data from a variety of sources. Below is one set of > citations often cross referenced in this area: > > http://lab.privacy.cs.cmu.edu/people/sweeney/confidentiality.html I explicitly stated that these kinds of attacks were out of scope. I'm talking about the avoidable kind of linkage, for example where you present the same X.509 client cert everywhere. > > Paul > > On Jul 13, 2006, at 5:43 PM, Ben Laurie wrote: > > > On the plane to IETF I realised that there were several more potential > > requirements to add to ekr's list: > > > > 12. Single Site Unlinkability (SSU) > > The user should be able to visit the same site multiple times without > > the site being able to tell that it is the same user, even if the user > > is, for example, asserting the same external claims each time. This > > protects the user's privacy. Obviously if data provided by the user is > > unique to that user (for example, age and address combined are often > > sufficient to uniquely identify a person) then no amount of cleverness > > can provide SSU, but SSU should be available to the extent permitted > > by the uniqueness of the data provided. > > > > 13. Multiple Site Unlinkability (MSU) > > The user should be able to visit multiple sites without the sites > > being able to collude to correlate the data provided by the user. This > > is a weaker requirement than SSU (that is, MSU does not guarantee > > SSU). Again, this protects the user's privacy. > > > > 14. Attack Resistant Credentials (ARC) > > Credentials should be such that the (computationally limited) verifier > > cannot reconstruct the original credential by brute force. Note that > > the impossibility of this may rely on the user choosing strong > > secrets, which is often unlikely, for example where the sole source of > > entropy is a password. > > > > 15. Claim Minimality (CM) > > The ability to show only exactly what is needed, (for example, the > > user is over 21 rather than the user's exact age, or if there are > > mutlple claims the ability to show a subset). This improves privacy > > and reduces linkability. > > > > _______________________________________________ > > dix mailing list > > dix@ietf.org > > https://www1.ietf.org/mailman/listinfo/dix > > _______________________________________________ > dix mailing list > dix@ietf.org > https://www1.ietf.org/mailman/listinfo/dix > _______________________________________________ dix mailing list dix@ietf.org https://www1.ietf.org/mailman/listinfo/dix
- [dix] More requirements Ben Laurie
- [dix] Re: [Ietf-http-auth] More requirements EKR
- Re: [dix] Re: [Ietf-http-auth] More requirements RL 'Bob' Morgan
- Re: [dix] Re: [Ietf-http-auth] More requirements Ben Laurie
- Re: [dix] Re: [Ietf-http-auth] More requirements Jeff Hodges
- [dix] Re: [Ietf-http-auth] More requirements Ben Laurie
- Re: [dix] Re: [Ietf-http-auth] More requirements RL 'Bob' Morgan
- Re: [dix] More requirements Ben Laurie