--- Dick Hardt <[EMAIL PROTECTED]> wrote:

> 
> On 25-Jan-06, at 9:25 PM, Hallam-Baker, Phillip wrote:
> 
> > I think that there are two separate types of identity information that
> > need to be considered here:
> >
> > 1) Self asserted information (nickname, photo, email etc.)
> > 2) Third party assertions (reputation, spamminess, star alliance gold
> > etc.)
> >
> > The first type of information is not difficult to manage, the relying
> > party understands that the data is self asserted. Attribute value pairs
> > in any standard format work as well as anything.
> >
> > The second type of information requires the reputation of the
> > information provider to be considered by the relying party.
> 
> I generally agree Phillip.
> 

I gotta disagree to a certain extent with this one.  I
don't consider these two separate types of Identity
Information, I consider it an arbitrary decision about
the "required" reliability of certain attributes.

For example: A photo, for the purposes of a web-forum
avatar doesn't have to be very reliable ... in most
cases, it isn't even expected to be really
representative.  On the other hand: a passport photo,
driver's license or even a company access ID photo
needs to be verified by a trusted 3rd party.

> In the identity gang discussions we have called these claims instead
> of identity information. Identity having a vague meaning.
> 

All the more reason to agree to common terminology, so
we all know what the heck each other are talking about
:)

> I see (2) requiring not only a trust relationship with the asserting
> party by the relying party (something that is social, not technical),
> but also a mechanism for the relying party to know it is a valid
> assertion, which requires some verification mechanism such as PKI.
> 

Agreed.  I just don't believe that we should treat the
(1) and (2) as separate types of attributes.  Maybe
they should be represented as a triple
{attribute,value(s),verification(s)} where
"verifications" (or whatever, someone give it a name)
is a codification of the mechanism Dick was alluding
to above.

> -- Dick
> 
> _______________________________________________
> dix mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/dix
> 
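
A sketch of the {attribute,value(s),verification(s)} triple proposed in the reply above, added here as an illustration and not part of the original thread. All names (Claim, Verification, POLICY, the issuer "passport-office") are hypothetical, and an HMAC under a key shared with the issuer stands in for the PKI signature mentioned in the message.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Verification:
    issuer: str  # third party vouching for the claim
    tag: str     # hex HMAC over the claim; assumed stand-in for a PKI signature

@dataclass
class Claim:
    attribute: str
    values: list
    verifications: list = field(default_factory=list)  # empty = self-asserted

    def payload(self) -> bytes:
        # Canonical bytes that every verification must cover.
        return json.dumps([self.attribute, self.values]).encode()

def vouch(claim, issuer, key):
    # Issuer side: bind the issuer's name to this exact attribute/value pair.
    tag = hmac.new(key, claim.payload(), hashlib.sha256).hexdigest()
    claim.verifications.append(Verification(issuer, tag))

# Relying-party state (constructed sample values).
TRUSTED = {"passport-office": b"constructed-demo-key"}  # the social trust decision
# Context -> attribute -> minimum number of valid verifications required.
POLICY = {
    "forum-avatar": {"photo": 0},     # self-asserted is good enough
    "building-access": {"photo": 1},  # needs a trusted third party
}

def valid_issuers(claim):
    ok = set()
    for v in claim.verifications:
        key = TRUSTED.get(v.issuer)
        if key is None:
            continue  # no trust relationship with this issuer: ignore it
        expected = hmac.new(key, claim.payload(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, v.tag):
            ok.add(v.issuer)  # count each issuer once
    return ok

def accept(claim, context):
    required = POLICY.get(context, {}).get(claim.attribute)
    if required is None:
        return False  # unknown context or attribute: fail closed
    return len(valid_issuers(claim)) >= required
```

The same photo attribute passes or fails depending only on the relying party's required reliability for the context, so no separate "self-asserted" attribute type is needed.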

