2006/4/12, John Merrells <[EMAIL PROTECTED]>:
> >> 10. Can the user have more than one identity agent? Is this an
> >> allowed scenario, for which use cases are required? Imagine an
> >> organization-recommended identity agent, and a personal choice?
> >
> > Yes and yes. I should add a use case that makes that clear.
>
> Added:
>
> Beth has many computing devices in her life, running different
> operating systems and different application software.
> She makes her own choices about her own computing environment, but
> she has little choice when the software is bundled by the device
> manufacturer or at work where she is subject to her employer's policies.
> A consequence is that she has multiple Identity Agents, which she
> uses for managing different personas.

I first thought that the Identity Agent was a web-based service, not
some piece of software you would have to install on your "computing
device". This is:
 - what's done today by other distributed identity systems (OpenID,
   LID, Passport, etc.)
 - what's suggested by draft-merrells-dix-00 and -01

How about the "cyber café" use case? How does Beth access her
identities and personas if the Identity Agent is a "local" piece of
software and not a web-based service?

I also think the protocol must have a "dumb, web-based" profile à la
OpenID or LID, using HTTP redirects combined with basic HTTP-Auth; a
profile for using web-based services from a "bare" computer (e.g. in a
cyber café, where you cannot install anything, or a mobile device with
limited capabilities and extensibility, e.g. a mobile phone).
I think SAML also has such a profile.

This is IMO a requirement for a distributed identity system.

-- 
Thomas Broyer
