On 26-Jan-06, at 4:35 AM, James Benedict wrote:

> --- Dick Hardt <[EMAIL PROTECTED]> wrote:
>
>> On 25-Jan-06, at 9:25 PM, Hallam-Baker, Phillip wrote:
>>
>>> I think that there are two separate types of identity information
>>> that need to be considered here:
>>>
>>> 1) Self asserted information (nickname, photo, email etc.)
>>> 2) Third party assertions (reputation, spamminess, star alliance
>>>    gold etc.)
>>>
>>> The first type of information is not difficult to manage, the
>>> relying party understands that the data is self asserted.
>>> Attribute value pairs in any standard format work as well as
>>> anything.
>>>
>>> The second type of information requires the reputation of the
>>> information provider to be considered by the relying party.
>>
>> I generally agree, Phillip.
>
> I gotta disagree to a certain extent with this one. I don't consider
> these two separate types of Identity Information, I consider it an
> arbitrary decision about the "required" reliability of certain
> attributes.
>
> For example: A photo, for the purposes of a web-forum avatar doesn't
> have to be very reliable ... in most cases, it isn't even expected
> to be really representative. On the other hand: a passport photo,
> driver's license or even a company access id photo needs to be
> verified by a trusted 3rd party.

Hmmm. Not sure what you are disagreeing with.
Yes, they are both photos. One is just the data, the other has been
asserted to be associated with the user by a *trusted* third party.
The assertion is what makes them different.

>> In the identity gang discussions we have called these claims
>> instead of identity information. Identity having a vague meaning.
>
> All the more reason to agree to common terminology, so we all know
> what the heck each other are talking about :)

Totally agree!

>> I see (2) requiring not only a trust relationship with the
>> asserting party by the relying party (something that is social,
>> not technical), but also a mechanism for the relying party to know
>> it is a valid assertion, which requires some verification
>> mechanism such as PKI.
>
> Agreed. I just don't believe that we should treat the (1) and (2)
> as separate types of attributes. Maybe they should be represented
> as a triple {attribute,value(s),verification(s)} where
> "verifications" (or whatever, someone give it a name) is a
> codification of the mechanism Dick was alluding to above.

They are both attributes or properties or claims. (2) has a modifier
that means it has been asserted.

btw: I prefer not to use the term "attributes" since it has a
specific meaning in XML, "the attribute attribute ..." gets
confusing ...

-- Dick
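
The triple proposed in the thread, {attribute, value(s), verification(s)}, as an added example that is not part of the original messages: a relying party treats a claim with no verifications as self-asserted, and accepts a third-party assertion only when the issuer is one it trusts and the assertion verifies. All class and function names, the issuer name and the key are constructed, and an HMAC with a per-issuer key stands in for the PKI signature check so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample data: issuers this relying party chooses to trust.
# ASSUMPTION: a per-issuer HMAC key stands in for a PKI public key.
TRUSTED_ISSUERS = {"airline.example": b"constructed-demo-key"}

@dataclass
class Verification:
    issuer: str  # third party making the assertion
    tag: str     # hex MAC binding the issuer to (subject, name, value)

@dataclass
class Claim:
    subject: str
    name: str
    value: str
    verifications: list = field(default_factory=list)  # empty: self-asserted

def _payload(claim):
    # Canonical bytes covered by the assertion; the subject is included so an
    # assertion cannot be moved to another user.
    return json.dumps([claim.subject, claim.name, claim.value]).encode()

def assert_claim(claim, issuer, key):
    """Asserting-party side: attach a verification to a claim."""
    tag = hmac.new(key, _payload(claim), hashlib.sha256).hexdigest()
    claim.verifications.append(Verification(issuer, tag))
    return claim

def evaluate(claim, trusted=TRUSTED_ISSUERS):
    """Relying-party side: 'self-asserted', 'verified:<issuer>' or 'rejected'."""
    if not claim.verifications:
        return "self-asserted"
    for v in claim.verifications:
        key = trusted.get(v.issuer)  # trust in the issuer: a policy decision
        if key is None:
            continue
        expected = hmac.new(key, _payload(claim), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, v.tag):  # validity: a technical check
            return "verified:" + v.issuer
    # Carries assertions but none check out: fail closed rather than
    # silently downgrading to self-asserted.
    return "rejected"
```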