Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity definition in"draft-hansen-privacy-terminology-03"
David Chadwick <d.w.chadwick@kent.ac.uk> Mon, 27 February 2012 00:57 UTC
Return-Path: <d.w.chadwick@kent.ac.uk>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F10921F854C for <ietf-privacy@ietfa.amsl.com>; Sun, 26 Feb 2012 16:57:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.155
X-Spam-Level:
X-Spam-Status: No, score=-5.155 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_12_24=0.992, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, SARE_SUB_ENC_UTF8=0.152]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3WTDVCllhjU for <ietf-privacy@ietfa.amsl.com>; Sun, 26 Feb 2012 16:57:10 -0800 (PST)
Received: from mx5.kent.ac.uk (mx5.kent.ac.uk [129.12.21.36]) by ietfa.amsl.com (Postfix) with ESMTP id 0369621F859B for <ietf-privacy@ietf.org>; Sun, 26 Feb 2012 16:57:09 -0800 (PST)
Received: from mx0.kent.ac.uk ([129.12.21.32]) by mx5.kent.ac.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <d.w.chadwick@kent.ac.uk>) id 1S1otm-0002Lr-B6; Mon, 27 Feb 2012 00:57:06 +0000
Received: from [114.81.85.173] (helo=[192.168.1.102]) by mx0.kent.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72) (envelope-from <d.w.chadwick@kent.ac.uk>) id 1S1otk-0006zS-Qi; Mon, 27 Feb 2012 00:57:06 +0000
Message-ID: <4F499D4A.2080407@kent.ac.uk>
Date: Sun, 26 Feb 2012 02:47:38 +0000
From: David Chadwick <d.w.chadwick@kent.ac.uk>
Organization: University of Kent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <OFB573E6ED.4083D82F-ON482579A5.0020B5E3-482579A5.00218D60@zte.com.cn> <EA284556-1D73-47E9-A34E-F47643BAEAB9@cardiff.ac.uk> <4F441C90.4090202@kent.ac.uk> <50C44B6C-9C01-403B-938B-E8582AED790B@gmx.net> <41983DCE-76CD-4CC9-9EFC-CFEC3950F352@wierenga.net> <4F481028.1010302@kent.ac.uk> <4F48DCFA.4010105@cs.tcd.ie>
In-Reply-To: <4F48DCFA.4010105@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: "ietf-privacy@ietf.org" <ietf-privacy@ietf.org>
Subject: Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity definition in"draft-hansen-privacy-terminology-03"
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2012 00:57:11 -0000
On 25/02/2012 13:07, Stephen Farrell wrote: > ...cut... nor had they thought about any > privacy-friendly ways to handle identifiers in > log files that might be exchanged between domains. > As part of the recently completed EC TAS3 project we considered this and implemented a (partial) proof of concept. This uses the Liberty Alliance scheme of passing encrypted PIDs between SPs. But the process is very unwieldy and gets very complex once a log record refers to the PIDs of several different entities, each of which has a different PID at each SP. So it is not a system that I would especially recommend regards David > It'd have been great to be able to say "go look > at RFC xxxx where it shows you ten possible ways > to do that." > > S > > [1] http://datatracker.ietf.org/doc/draft-ietf-sipclf-problem-statement/ > > > On 02/24/2012 10:33 PM, David Chadwick wrote: >> Hi Klaas >> >> I agree with you. It might that IRTF is more appropriate for some work >> items, but this is something the ADs can decide >> >> regards >> >> David >> >> On 24/02/2012 18:56, Klaas Wierenga wrote: >>> Hi Hannes, >>> >>> Perhaps I am mistaken, but it seems that there is a bit too much >>> focus on what is possible with *todays* technology. I would rather >>> like to focus on properties we would *like* to see, and possibly work >>> on those in the IETF (but most likely other fora).... But still that >>> is probably not for a terminology document, but I do think we need to >>> be able to express all desirable properties using the terms from the >>> terminology document. >>> >>> Klaas >>> >>> Sent from my iPad >>> >>> On 24 feb. 2012, at 19:47, Hannes >>> Tschofenig<hannes.tschofenig@gmx.net> wrote: >>> >>>> Hi David, >>>> >>>> this specific case seems to have pretty tough privacy requirements: >>>> you want to avoid having relying parties to know who the identity >>>> providers are AND also want to avoid letting identity providers >>>> know which relying parties data subjects talk to AND finally you >>>> want to avoid collusion among relying parties to learn more about >>>> data subjects. >>>> >>>> It is interesting to see how a set of privacy requirements produce >>>> a system that has questionable privacy properties... >>>> >>>> Ciao Hannes >>>> >>>> PS: Whenever one talks about trust it is useful to mention 'who is >>>> trusted by whom to do what'. >>>> >>>> On Feb 22, 2012, at 12:37 AM, David Chadwick wrote: >>>> >>>>> >>>>> >>>>> On 20/02/2012 17:16, Rhys Smith wrote: >>>>>> On 15 Feb 2012, at 06:06, zhou.sujing@zte.com.cn >>>>>> <mailto:zhou.sujing@zte.com.cn> wrote: >>>>>> >>>>>>>> Well, even more, the idp should not know at all which rp I >>>>>>>> talk to in the first place. >>>>>>> >>>>>>> It is a strong privacy reqirement. Idoubt solutions in ABFAB >>>>>>> can provide this feature. >>>>>> >>>>>> Yes, ABFAB cannot do this natively. >>>>>> >>>>>> Though there are always ways around this. SAML cannot do this >>>>>> natively either, but the Cabinet Office (UK government) is in >>>>>> the middle of setting up a national federated infrastructure >>>>>> with exactly this properly, which it achieves by having a >>>>>> gateway in the middle which mediates all traffic. >>>>> >>>>> Hmmm. the design of this is very questionnable (and opaque). Full >>>>> trust must be given to the gateway, without any assurance that it >>>>> is trustworthy. It is not even mentioned in the trust assurance >>>>> document. >>>>> >>>>> regards >>>>> >>>>> David >>>>> >>>>>> >>>>>> Note that this privacy requirement may well be asymmetric - >>>>>> there may be a difference between the IdP not being able to >>>>>> know about which RP the user is using, and the RP not knowing >>>>>> which IdP the user came from... >>>>>> >>>>>> R. -- Dr Rhys Smith Identity, Access, and Middleware >>>>>> Specialist Cardiff University& Janet - the UK's education and >>>>>> research network >>>>>> >>>>>> email: smith@cardiff.ac.uk<mailto:smith@cardiff.ac.uk> / >>>>>> rhys.smith@ja.net<mailto:rhys.smith@ja.net> GPG: 0xDE2F024C >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ ietf-privacy >>>>>> mailing list ietf-privacy@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy >>>>> >>>>> -- >>>>> >>>>> ***************************************************************** >>>>> >>>>> >> David W. Chadwick, BSc PhD >>>>> Professor of Information Systems Security School of Computing, >>>>> University of Kent, Canterbury, CT2 7NF Skype Name: >>>>> davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: >>>>> +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: >>>>> http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research >>>>> Web site: >>>>> http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust >>>>> key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 >>>>> >>>>> ***************************************************************** >>>>> >>>>> >> _______________________________________________ >>>>> ietf-privacy mailing list ietf-privacy@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/ietf-privacy >>>> >>>> _______________________________________________ ietf-privacy >>>> mailing list ietf-privacy@ietf.org >>>> https://www.ietf.org/mailman/listinfo/ietf-privacy >>> >> > -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security School of Computing, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
- [ietf-privacy] anonymity definition in "draft-han… zhou.sujing
- Re: [ietf-privacy] anonymity definition in"draft-… Tschofenig, Hannes (NSN - FI/Espoo)
- [ietf-privacy] 答复: RE: anonymity definition in"dr… zhou.sujing
- Re: [ietf-privacy] 答复: RE: anonymity definition i… Hannes Tschofenig
- [ietf-privacy] 答复: Re: 答复: RE: anonymity definiti… zhou.sujing
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Claudia Diaz
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Hannes Tschofenig
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Ted Hardie
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Hannes Tschofenig
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Ted Hardie
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- [ietf-privacy] 答复: Re: 答复: Re: 答复: RE: anonymity … zhou.sujing
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Hannes Tschofenig
- Re: [ietf-privacy] =?Big5?B?tarOYA==?=: Re: =?Big… Hannes Tschofenig
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Hannes Tschofenig
- [ietf-privacy] 答复: Re: 答复: Re: 答复: RE: anonymity … zhou.sujing
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Rhys Smith
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… David Chadwick
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Rhys Smith
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Rhys Smith
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Hannes Tschofenig
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… David Chadwick
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Stephen Farrell
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Klaas Wierenga
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… Stefan Winter
- Re: [ietf-privacy] 答复: Re: 答复: RE: anonymity defi… David Chadwick