Nicolas Williams wrote:

> But in practice not every service will join the same federation, so I
> suspect that for market reasons we can do no better than a small number
> of identities and credentials, each for a set of many services.
What federation? There is no federation in DIX. This is one of the reasons it is really important.

> Note that Elliot's dad almost certainly has multiple credit cards and
> will sometimes want to use one and sometimes another, and there won't be
> a pattern the browser/whatever can discern (e.g., "this card's balance
> got too high and I'll carry some over, so let's make charges on this
> other card for a while").
>
> In other words: the identity selection problem simply won't go away, and
> at the limit always requires human interaction.

Agreed, but these are details that are beyond the protocol and that are handled by the implementation of homesites.

> By "automatically downloaded" in (4) I assume you also mean "when I'm
> not around," by which you would probably mean that you want some form of
> authentication mechanism/credential that doesn't require human
> interaction to use.
>
> Have I guessed correctly?
Yes, (4) is actually an attempt to make two points: one is that I am not around, the other is that my "feedreader" is an HTTP "rich client", i.e. it is NOT a browser.

>> 3. is almost covered by dmd1 and SAML but I still don't understand how I either get the persona-url from an e-mail or an e-mail from a persona-url.
>
> Presumably you'd be signing these e-mails somehow, no? S/MIME, or PGP?

:)
Sorry, I should clarify; I added the word "address" to my statement below.

I still don't understand how I either get the persona-url from an e-mail 
address or an e-mail address from a persona-url.

> I don't see why SAML can't handle (4), assuming I guess correctly what
> you meant by (4), since SAML doesn't handle authentication mechanisms
> directly, so that as long as you can authenticate to your IdP with some
> mechanism/credential that requires no interaction then SAML should not
> require interaction either.
There is a SOAP binding for SAML, but AFAIK no binding to straight HTTP, i.e. REST web services. It is not possible, for example, to use SAML with feedreaders. So Apple's iPhoto could not use SAML if it continues to use feeds for Photocasting.

Rob

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix