Re: [dix] Re: [Ietf-http-auth] More requirements

"Ben Laurie" <benl@google.com> Fri, 14 July 2006 12:40 UTC

Date: Fri, 14 Jul 2006 08:39:54 -0400
From: Ben Laurie <benl@google.com>
To: RL 'Bob' Morgan <rlmorgan@washington.edu>
Subject: Re: [dix] Re: [Ietf-http-auth] More requirements
Cc: Digital Identity Exchange <dix@ietf.org>, IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>

On 7/14/06, RL 'Bob' Morgan <rlmorgan@washington.edu> wrote:
>
> >> 12. Single Site Unlinkability (SSU)
> >> The user should be able to visit the same site multiple times without
> >> the site being able to tell that it is the same user, even if the user
> >> is, for example, asserting the same external claims each time. This
> >> protects the user's privacy. Obviously if data provided by the user is
> >> unique to that user (for example, age and address combined are often
> >> sufficient to uniquely identify a person) then no amount of cleverness
> >> can provide SSU, but SSU should be available to the extent permitted
> >> by the uniqueness of the data provided.
> >
> > This is an interesting requirement and obviously of value, but
> > it's worth noting that there are contexts in which linkability
> > (CI) is precisely what's desired--blog comments, for example.
> >
> > So, you wouldn't want to design a system that always provided SSU. :)
>
> I think many of the requirements (no, haven't made a list yet) have the
> assumption of "when appropriate", or "when desired", where "desired" is
> some combination of what the user wants and what the application wants or
> will permit.

Yeah, I see the list as being a list of things you might want, at this
stage. Presumably at some point we have to choose which things we
actually want, and which are optional or not-always-used.

>
>   - RL "Bob"
>
>
