On 20-Jan-06, at 11:18 AM, Leslie Daigle wrote:
It is clearer, but I think the charter still needs to be clearer about what is meant by "digital identity". Is the purpose to be able to access *any* stored data about a person, or *specific* stored data?
'any'... but the relying party has to know the name of the thing it's asking for.
In many regards, saying "any" is easier; sort out the format for expressing attribute/values, and you're done.
Yes, that's been the plan so far. Others can provide the names of the attributes and the syntax and semantics of the values. That could be done in the IETF, or in another standards body, or by industry consortia, or just be a free-for-all folksonomy kind of thing.
However, then there are issues of interoperability (is there a minimum set of identity data that is mandatory to provide?).
Mmm, I'd say 'no', but Scott might say 'yes'. I'm reluctant to end up down the schema rathole arguing over things like mobilephone versus cellphone... for example.
And, if it is "any", then how is this not a directory service with additional labelling (addresses/names/identifiers) on top?
I think that the DIX and LDAP information models will turn out to be very similar indeed. But I don't think that's what distinguishes a user's agent from a directory service.
In the directory centric model the user informs the relying party of their DS and the RP does a search against the DS for the user's attributes, perhaps using some credentials provided by the user, or with some credentials provided to the RP by the DS beforehand.
In the user centric model the RP requests some data from the user who forwards the request to their agent, selecting the data items, providing consent for their release and then forwards them to the RP. Same parties, different protocol flow... with greater user privacy.
Kim Cameron's 'Seven Identity Laws' make it pretty clear why the directory centric model doesn't work for digital identity, and explain why Microsoft Passport was not widely adopted outside of the MSN universe.
John
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
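The two flows contrasted in the message above, modelled as an added sketch that is not part of the original e-mail and is not the DIX protocol: it shows who talks to whom, who decides what is released, and what happens when the RP asks for a name the store does not use. The function names, the `Trace` record, the ACL and consent sets, and the sample attributes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample store; attribute names and values are illustrative only.
STORE = {"email": "alice@example.org", "mobilephone": "+1-555-0100", "dob": "1970-01-01"}

@dataclass
class Trace:
    hops: list                                     # (sender, receiver) for each message
    released: dict = field(default_factory=dict)   # attributes the RP ends up holding
    withheld: list = field(default_factory=list)   # stored, but not released
    unknown: list = field(default_factory=list)    # names the store does not use

def _answer(trace, requested, allowed):
    """Resolve requested names by exact match, releasing only those in `allowed`."""
    for name in requested:
        if name not in STORE:
            trace.unknown.append(name)      # e.g. 'cellphone' vs 'mobilephone'
        elif name in allowed:
            trace.released[name] = STORE[name]
        else:
            trace.withheld.append(name)
    return trace

def directory_centric(requested, rp_acl):
    """User tells the RP which DS to use; the RP searches the DS itself.
    rp_acl models credentials arranged beforehand; the user makes no
    per-request choice about what is released."""
    hops = [("user", "rp"), ("rp", "ds"), ("ds", "rp")]
    return _answer(Trace(hops), requested, rp_acl)

def user_centric(requested, user_consent):
    """RP asks the user, who forwards to their agent, selects items and
    consents, then forwards the result. The RP never contacts the agent."""
    hops = [("rp", "user"), ("user", "agent"), ("agent", "user"), ("user", "rp")]
    return _answer(Trace(hops), requested, user_consent)

if __name__ == "__main__":
    wanted = ["email", "cellphone", "dob"]   # constructed request
    for t in (directory_centric(wanted, {"email", "mobilephone", "dob"}),
              user_centric(wanted, {"email"})):
        print(t.hops, sorted(t.released), t.withheld, t.unknown)
```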
