On 3/21/2006 4:09 PM, "Robert Yates" <[EMAIL PROTECTED]> wrote:
> Nicolas Williams wrote:
>
>> But in practice not every service will join the same federation, so I
>> suspect that for market reasons we can do no better than a small number
>> of identities and credentials, each for a set of many services.
>
> What federation? There is no federation in DIX. This is one of the
> reasons it is really important.

FWIW, I'd avoid the term 'federation', as I think its definition differs in various communities. My personal interpretation, for example, involves parties agreeing (perhaps contractually) to the exchange of identity claims (note that here, identity may or may not equal principal), and recourse for false (or at least misleading) claims.

dmd1 provides some groundwork for blindly requesting and responding to identity claims, where either or both of the parties involved may not ever have interacted in the past. This falls outside my personal definition of federation, but perhaps not others' definitions.

The value of these blind attestations, on the other hand, carries the burden of questionable reliability. In (my definition of) 'federations', this is mitigated by governing agreements and policies, which tend to underpin so-called 'federations', in some attempt to ensure proper behavior of the parties involved.

Blind attestations, in order to be believable, need measures of confidence applied (which may be as simple as the context of a deployment). Different deployments will require different levels of assurance, but should not rely on different protocols to request/respond with claims.

=peterd (http://xri.net/=peterd)

_______________________________________________
dix mailing list
https://www1.ietf.org/mailman/listinfo/dix
