--- Dick Hardt <[EMAIL PROTECTED]> wrote:
>
> On 26-Jan-06, at 4:35 AM, James Benedict wrote:
>
> > --- Dick Hardt <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> On 25-Jan-06, at 9:25 PM, Hallam-Baker, Phillip
> >> wrote:
> >>
> >>> I think that there are two separate types of
> >> identity information that
> >>> need to be considered here:
> >>>
> >>> 1) Self asserted information (nickname, photo,
> >> email etc.)
> >>> 2) Third party assertions (reputation,
> spamminess,
> >> star alliance gold
> >>> etc.)
> >>>
> >>> The first type of information is not difficult
> to
> >> manage, the relying
> >>> party understands that the data is self
> asserted.
> >> Attribute value
> >>> pairs
> >>> in any standard format work as well as anything.
> >>>
> >>> The second type of information requires the
> >> reputation of the
> >>> information provider to be considered by the
> >> relying party.
> >>
> >> I generally agree Phillip.
> >>
> >
> > I gotta disagree to a certain extent with this
> one. I
> > don't consider these two separate types of
> Identity
> > Information, I consider it an arbitrary decision
> about
> > the "required" reliability of certain attributes.
> >
> > For example: A photo, for the purposes of a
> web-forum
> > avatar doesn't have to be very reliable ... in
> most
> > cases, it isn't even expected to be really
> > representative. On the other hand: a passport
> photo,
> > drivers license or even a company access id photo
> > needs to be verified by a trusted 3rd party.
>
> Hmmm. Not sure what you are disagreeing with.
>
> Yes, they are both photos. One is just the data, the
> other has been
> asserted to be associated with the user by a
> *trusted* third party.
> The assertion is what makes them different.
>
I agree with your explanation. That just isn't what I
read in the first post.
In your explanation I see two types of "information"
1) the data (photo, reputation, email, nickname, etc.)
2) the assertions on the data ("DMV-validated photo",
"unvalidated nickname")
The way I read the original post, it sounds like
Phillip is describing two types of "data":
1) self-asserted
2) third-party asserted
I'm all for saying that data can be self-asserted or
third-party asserted... but I don't want to start
categorizing the information based on what "can" be
self-asserted vs. third-party.
> >
... snip'd recursive aggreements ...
>
--
James
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
