> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> I see (2) requiring not only a trust relationship with the
> asserting party by the relying party (something that is
> social, not technical), but also a mechanism for the relying
> party to know it is a valid assertion, which requires some
> verification mechanism such as PKI.

Third party assertions require an accountability mechanism. The point of the Karma scoring scheme on Slashdot is to hold posters accountable for their posts: post crud onto Slashdot and your karma quickly falls. The tricky part in the system is how to hold the moderators accountable; Slashdot tries with meta-moderation.

Now imagine that we attempt to apply the karma concept across sites. It is very hard to do so and maintain accountability. If we simply say 'Fred has excellent Slashdot karma, he can post', we have a problem because Fred is only accountable for his Slashdot posts.

Extending the system so that Fred is accountable for off-site posts, so that they then feed back to his now global karma score, means that we are vulnerable to a new form of attack where Fred sets up a bogus site for the sole purpose of reporting positive karma. Or perhaps there is a red/blue issue: a lefty poster posts on a righty blog and gets lots of negative moderation; should it affect his karma score on lefty blogs as well as righty?

It's a complex problem and there is a lot of information to manage. SAML syntax is the last of anyone's worries in that case.

Much easier to start with 'this is a picture of my pet dog Eric'. There is a lot of value that can be provided there at little cost.

A second form of information that is interesting is quasi-confidential information. I don't know what vulnerability is involved if I disclose my Star Alliance frequent flyer number, but I prefer to avoid it unless necessary. Why does any party other than United or a Star Alliance member ever need to see it? We could just use the uniform identifier.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
