> The goal of this group is to specify a protocol for moving identity
> information between parties and a system architecture that enables
> the development of software agents to manage a user's identity
> information.

Perhaps you mean management of the exchange of user attributes and authentication states between parties. 'managing identities' implies to my read as a sw which manages the storage of user data
>
> Method
>
> An identity information exchange should involve just three parties:
> the user, their agent, and a relying party. The user's agent is where
> they authenticate themselves and a repository where they store their
> identity information, and the relying party is an entity requesting
> identity information.

+1 on Ben's comment wrt this paragraph

>
> Any solution should support multiple transport layers, but it is
> anticipated that this working group will focus on a HTTP based
> solution. In this case the user's software is a web browser, to which
> no modifications should be required,

Well, it's an HTTP client.

> and the relying party would be a
> website.

Well, it's an HTTP aware server, which listens for HTTP messages.

> Continuing with the theme of simplicity a website should
> require minimal changes to support identity information exchange. For
> example, a web form could receive information the same way that a
> user would provide it, as if they typed it into the form themselves.
>
> In moving identity information between parties it is expected that
> the messages of the protocol will include elements that bind property
> names and values to digital identities. How a digital identity is
> referred to is an important consideration. The properties an
> identifier could have are that it allows the user to concurrently
> maintain multiple personas, that it could allow for a separation
> between the digital identity and the identifier and that it allow for
> separation between the identifier and the user's agent. In the
> interests of flexibility and interoperability we would suggest that
> the identifier be a string of characters. This working group may
> consider current best practice of what that string might be. For
> example, a URL or a UUID.

How about simply that it is in scope to establish a 'uniform addressing mechanism', such as a URI.
> Goals and Milestones:
>
> March 2006 BOF meeting

Definitely need use cases milestone, IMHO

=peterd

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
