On 25-Jan-06, at 9:25 PM, Hallam-Baker, Phillip wrote:
I think that there are two separate types of identity information that
need to be considered here:
1) Self asserted information (nickname, photo, email etc.)
2) Third party assertions (reputation, spamminess, star alliance gold
etc.)
The first type of information is not difficult to manage, the relying
party understands that the data is self asserted. Attribute value
pairs
in any standard format work as well as anything.
The second type of information requires the reputation of the
information provider to be considered by the relying party.
I generally agree Phillip.
In the identity gang discussions we have called these claims instead
of identity information. Identity having a vague meaning.
I see (2) requiring not only a trust relationship with the asserting
party by the relying party (something that is social, not technical),
but also a mechanism for the relying party to know it is a valid
assertion, which requires some verification mechanism such as PKI.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
