--- "Hallam-Baker, Phillip" <[EMAIL PROTECTED]> wrote: > > Behalf Of Dick Hardt > > > > The way I read the original post, it sounds like > Phillip is > > describing > > > two types of "data": > > > > > > 1) self-asserted > > > 2) third-party asserted > > > > > > I'm all for saying that data can be > self-asserted or third-party > > > asserted... but I don't want to start > categorizing the information > > > based on what "can" be self-asserted vs. > third-party. > > > > Glad we agree and that we have "clarified" > Phillip's post! > > > > Phillip, are you in agreement? (don't want to > speak for you) > > There are certainly some types of data that makes it > very unlikely that > anyone would want to trust a self-asserted claim on, > e.g. "I am not a > spammer". > > But in general most of the data being traded today > can be self asserted. > For example nobody seems to have much of a problem > with self asserted > zip codes, even though many people automatically > enter a bogus one. > > > One caution I would suggest is to not use credit > card information as an > example of the type of profile information that > might be stored. While > it is certainly possible to store such data in > principle there are major > security and liability considerations that are > attached. Unless the > proposal is being made by someone with a deep > understanding of the > payments business it is likely to get picked appart > pretty quickly by > the security vultures. >
Busted :) While I wouldn't say that I have a "deep" understanding of the payments business ... I've built a few tools in that area. I know John and co. have already set a few security disclaimers into their draft ... but, I'de rather see the security guys picking at it sooner than later. -- James > _______________________________________________ > dix mailing list > [email protected] > https://www1.ietf.org/mailman/listinfo/dix > _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
