I also agree with Phillip that there are two types of claims. (I like that word better.)
I would point out that in the proposed protocol, the "agent" is actually making the claims on behalf of the user. The whole point of a "Homesite Inspection" step performed by the relying party ("Membersite") in the draft is to establish the reputation of an endpoint for speaking on behalf of the user. However the agent and the user are so closely aligned that making this distinction is probably overkill.
A more important difference is that case (2) requires some sort of name that can be used by the third-party to refer to the subject of the claims. Case (1) doesn't have this need, since the subject is always the "current user". Naming always seems to be the most difficult thing to agree on. The name can be:
1) a key value (public key) or the hash of a key value
2) a unique value generated by the relying party to represent the user for this session
3) a globally unique name (good luck with this one!)
4) a name given by some naming authority (which must also have a name)
A DIX protocol that only supported case (1) claims would avoid the whole naming issue. This might be a good thing to focus on, so that something is accomplished in a shorter period of time.
Terry Hayes
-----Original Message-----
From: Dick Hardt <[EMAIL PROTECTED]>
To: Digital Identity Exchange <[email protected]>
Sent: Wed, 25 Jan 2006 22:53:30 -0800
Subject: Re: of identifiers and identity service discovery (was: Re: [dix] To add to the charter)
On 25-Jan-06, at 9:25 PM, Hallam-Baker, Phillip wrote:
> I think that there are two separate types of identity information that
> need to be considered here:
>
> 1) Self asserted information (nickname, photo, email etc.)
> 2) Third party assertions (reputation, spamminess, star alliance gold
> etc.)
>
> The first type of information is not difficult to manage, the relying
> party understands that the data is self asserted. Attribute value pairs
> in any standard format work as well as anything.
>
> The second type of information requires the reputation of the
> information provider to be considered by the relying party.
I generally agree Phillip.
In the identity gang discussions we have called these claims instead of identity information, identity having a vague meaning.
I see (2) requiring not only a trust relationship with the asserting party by the relying party (something that is social, not technical), but also a mechanism for the relying party to know it is a valid assertion, which requires some verification mechanism such as PKI.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
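An added illustration of the relying-party ("Membersite") side of the distinction discussed above; it is not code from the thread or from any DIX draft. Self-asserted claims are accepted as-is but labelled, third-party claims are accepted only from an issuer on the relying party's trust list and only with a valid signature, and the subject of a third-party claim is named by the hash of a key value (Terry's naming option 1). An HMAC shared secret stands in for the PKI signature Dick mentions, so the example needs only the standard library; issuer names, secrets and claim values are constructed.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed trust list: issuer name -> shared secret. The decision to list an
# issuer is the social trust relationship; the secret is the technical check.
TRUSTED_ISSUERS: Dict[str, bytes] = {"example-reputation-service": b"constructed-secret"}


def subject_name_from_key(public_key: bytes) -> str:
    """Naming option (1): refer to the subject by the hash of a key value."""
    return hashlib.sha256(public_key).hexdigest()


def canonical(claim: dict) -> bytes:
    """Stable byte encoding so signer and verifier hash the same thing."""
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()


def sign_claim(claim: dict, issuer: str, secret: bytes) -> dict:
    """Issuer side: attach its name and an HMAC over the named claim."""
    body = dict(claim, issuer=issuer)
    tag = hmac.new(secret, canonical(body), hashlib.sha256).hexdigest()
    return dict(body, sig=tag)


def evaluate_claim(claim: dict) -> Tuple[str, bool]:
    """Relying-party side: returns (kind, accepted).

    A claim with no issuer is self-asserted: its subject is the current user,
    so it needs no name, and it is accepted as the user's own statement.
    A claim with an issuer is third-party: it is accepted only if the issuer
    is trusted and the signature verifies over the claim as received.
    """
    if "issuer" not in claim:
        return ("self-asserted", True)
    secret = TRUSTED_ISSUERS.get(claim["issuer"])
    if secret is None:
        return ("third-party", False)  # no trust relationship with this issuer
    unsigned = {k: v for k, v in claim.items() if k != "sig"}
    expected = hmac.new(secret, canonical(unsigned), hashlib.sha256).hexdigest()
    return ("third-party", hmac.compare_digest(expected, claim.get("sig", "")))


if __name__ == "__main__":
    subject = subject_name_from_key(b"constructed-user-public-key")
    gold = sign_claim({"subject": subject, "status": "gold"},
                      "example-reputation-service", TRUSTED_ISSUERS["example-reputation-service"])
    print(evaluate_claim({"nickname": "dick"}), evaluate_claim(gold),
          evaluate_claim(dict(gold, status="platinum")))
```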
