On Wed, Mar 22, 2006 at 01:49:03PM -0600, Eliot Lear wrote:
> Nicolas Williams wrote:
>
> > I think Robert meant that your dad wants to have to remember no more
> > than one username and password, not that there mustn't be others under
> > the covers.
>
> This is the high order bit for him. Endless registration is also an
> issue, and these are two different problems.

Yes, but the endless enrolment problem hadn't been explicitly stated.

I've been trying to distill, out of rather broad problem descriptions, concrete real-world problems. Very general descriptions of the problem may help us to not solve specific problems in ways that aren't so useful (replacing one problem with an equally bad, but different problem), but I don't want to keep guessing what the specific problems are either, and I do believe we need to know what specific problems we want to solve. We also need to establish what threat models apply in what circumstances. This is critical, IMO.

If the IETF is going to do any work in this space then an overly broad charter, either in problem description or solution space, is likely to lead to failure. 'Twould be better to debate such matters now than two years into a WG's life. Chartering a WG should not be the only measure of success here (see Phillip's post on that topic).

Cynics might also prefer that any such WG be limited to their preferred solutions to their perceived problems; an overly broad charter does not achieve that. Everyone else should still want a narrow charter to improve the chances of success.

So, is it safe to say that some of the use cases posted by Robert amount to saying that

 - users shouldn't have more than one physical (smartcard/token/whatever) or logical (username/password) credential

 - non-interactive authentication/ID exchange/whatever must be supported

 - no more endless enrolment by creation of username/passwords

 - it should be easy to manage authorization

 - etc...

?

Cheers,

Nico
