Hi, John. Thanks for the new drafts. I especially look forward to the new use cases draft and will sit down to read that after finishing this reply.
I do agree there is significant overlap; my interest in this area was more or less directly motivated by the DIX bof and evaluating SXIP, Infocard and other solutions for a talk I gave at a conference.

I think we view the requirements somewhat differently or at least view what requirements need to be solved when somewhat differently. I'm OK with a solution that supports situations where I have a single allegedly unique identifier today but that can transition to more complex forms of identity claims in the future. You seem to want sets of identity claims today.

I'm much more interested in reusing existing security technology and am not interested in working on entirely new protocols. (And I do see this as a security problem, which may also be a difference in how we come at this.)

I consider requirements related to binding things together at multiple levels (4.4 in my draft) really critical to forward progress on phishing. A lot of people disagree with me. One on one I have been able to convince people that I'm right, but the text in the current section 4.4 clearly does not stand on its own and needs significant revision.

Finally, I think it critical that whatever solution we have here needs to work both with non-web HTTP applications (atompub, caldav, webdav, deltav) and with non-HTTP applications. I'd hate to see people pushed towards HTTP as a substrate to get better identity management.

Needless to say, my vision of the solution space is different because I view these requirements differently. I am working on a specific solution proposal to demonstrate that what I want to do can be accomplished with incremental changes to existing technology.

--Sam

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
