Re: [VoT] How to express duplicate checks with VoT?

Justin Richer <jricher@mit.edu> Thu, 10 March 2016 18:57 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C913B12DBD6 for <vot@ietfa.amsl.com>; Thu, 10 Mar 2016 10:57:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.822
X-Spam-Level:
X-Spam-Status: No, score=-2.822 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nptMijsPt0uw for <vot@ietfa.amsl.com>; Thu, 10 Mar 2016 10:57:49 -0800 (PST)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C0C412DBD7 for <vot@ietf.org>; Thu, 10 Mar 2016 10:57:49 -0800 (PST)
X-AuditID: 1209190d-e37ff70000004dee-88-56e1c3ac0a67
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 80.FB.19950.CA3C1E65; Thu, 10 Mar 2016 13:57:48 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id u2AIvlko013706; Thu, 10 Mar 2016 13:57:48 -0500
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u2AIvjL5015542 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 10 Mar 2016 13:57:46 -0500
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <56E1A5F8.3090201@switch.ch>
Date: Thu, 10 Mar 2016 13:57:44 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <D8C2F321-13E0-4705-903A-79656151F468@mit.edu>
References: <56E1A5F8.3090201@switch.ch>
To: Rolf Brugger <rolf.brugger@switch.ch>
X-Mailer: Apple Mail (2.2104)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrOIsWRmVeSWpSXmKPExsUixG6norvm8MMwg5OLZCyaevawWzT8fMDq wOSxZMlPJo/2IxPYA5iiuGxSUnMyy1KL9O0SuDLOPLYseMBbcX39JeYGxibuLkZODgkBE4m/ hz+zdjFycQgJtDFJ3Dk2hx3C2cgo8bD5HguE85BJ4vSci+wgLcwC6hJ/5l1iBrF5BfQkXt26 zApiCwvYSJxvP8IGYrMJqEpMX9PCBGJzCmhKrPr5AqyGBSg+YdUKFog5AhJzD01jgrC1JZYt fA0100qiY9dOoDkcQIs1JN5NtQYJiwCNufP7ECvE1bISu38/YprAKDALyUWzkFw0C8nUBYzM qxhlU3KrdHMTM3OKU5N1i5MT8/JSi3SN9HIzS/RSU0o3MYLClFOSdwfjv7tehxgFOBiVeHgF ah6ECbEmlhVX5h5ilORgUhLlXbP/YZgQX1J+SmVGYnFGfFFpTmrxIUYJDmYlEV7/tUA53pTE yqrUonyYlDQHi5I4b8zNo2FCAumJJanZqakFqUUwWQ0ODoEZ5+ZOZ5JiycvPS1WS4LU+BDRE sCg1PbUiLTOnBKGUiYMTZBEP0CJfkBre4oLE3OLMdIj8KUZFKXFeLZCEAEgiozQPrheUXhLe HjZ9xSgO9JYwbyxIFQ8wNcF1vwIazAQ0+EXrPZDBJYkIKakGxrJ/d/59TA2pmckkt7l8754k RpFc5m8SnZJr2S2Wqiv9NOxYM6Fhs6Ewy8c473aZ+a9ezmvYKzWjYqXHV3fpwB0lK7ifZjDG +D3L3/BaM5fxed4nA+NiXpuoS5e37lbvuLJj3lx+27/OmrVzjKfuTrP3fLepYcEDq7ziooS+ ZQXRGV/r9mzfpcRSnJFoqMVcVJwIAJe/WmwKAwAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/vNqRyqihY52H9phsEyxmpxdxZLA>
Cc: vot@ietf.org
Subject: Re: [VoT] How to express duplicate checks with VoT?
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 18:57:52 -0000

This would probably be another category/dimension, I think. Unless you wanted to wrap it into your own definitions of the “P” dimension, where there’d be a “Pu” for “proofed unique” that could be added to that category. 

 — Justin

> On Mar 10, 2016, at 11:51 AM, Rolf Brugger <rolf.brugger@switch.ch> wrote:
> 
> Hi all,
> 
> I'm new to this list and I hope my question is not totally irrelevant here.
> 
> We have plenty of use cases where RPs need to have confidence, that a person does not have multiple identities in one IdP. I don't see how this aspect of identity quality can be expressed, and I believe it is pretty orthogonal to the P, C, M and A dimensions that are currently specified in the VoT draft.
> 
> We could imagine multiple ways to gradually prove that an identity has been checked against duplicates. The most straightforward approach would be to make sure that unique personal attributes are used only once within one IdP or an IdP federation, like
> - email address(es)
> - mobile phone number
> - home postal address
> - social security number
> - ID / passport number
> - the combination of name and birth date
> - etc.
> 
> Would it make sense to express this in VoT?
> 
> best regards
> 
> Rolf
> 
> 
> -- 
> SWITCH
> --------------------------
> Rolf Brugger, project Swiss edu-ID
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> phone +41 44 268 15 15, direct +41 44 268 15 89
> rolf.brugger@switch.ch, http://www.switch.ch
> 
> _______________________________________________
> vot mailing list
> vot@ietf.org
> https://www.ietf.org/mailman/listinfo/vot