Thanks for your comments.
On 12-Apr-06, at 9:57 PM, Jaimon Jose wrote:
I have few clarifications/comments on the use cases..
B12 - Where does the agent live? B8 states that the agent is
integrated
to Operating system. If so, can we expect the agent will be available
even in a computer in the internet caf'e? ( or Is it left to the
implementation of the agent? ).
Where does the agent get Beths identity data? Is it stored remote or
something that she can carry around with her? If so, how does she
transfer it to the agent? ( usb, smartcard or something simiar? Is it
again implementation specific? )
That's all implementation specific stuff. An identity agent could be a
service in the sky, on her computer, on a device she carries about
with her or where ever.
B17. A mention of how identity agent can be administered will be
good.
For eg. how does she inform the agent if she switches the insurance
provider?
That's implementation specific too. I nice identity agent would make
Beth's life as easy as possible. In the use case I'm trying to get over
the idea that a membersite can request a claim that Beth does not
have and she has to acquire one from somewhere.
B19. This is use case suggests that the identity data may be stored
remote so that any device can retrieve the data. The same adds a
constraint that user needs to have access to online identity data
always. This may be difficult if the agent is expected to acquire the
claim and present to local applications in her computer ( for eg.
local
mails ) while she is not connected through her ISP.
Again implementation specific. Beth's phone could access the remote
data or the data could be local, or both. Beth could have sync'd her
phone before she left the office so has a local snapshot of her
identity data.
B27&B28. Not very clear on what we are trying to convey here in the
context of identity agent. It appears to be the current problem if
the
site doesn't store a cookie when Adam visited first time.. ( I may be
missing something. )
B27 and B28 motivate the design of claims, rather than an identity
agent.
All your questions seem to be from the viewpoint of how would one
design and build an identity agent. That's not what these use cases
were written to address. What we need to standardize is the protocol
that the parties talk and to some extend the format of the stuff that's
moved between them.
John
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
