Sam Hartman <[EMAIL PROTECTED]> writes: >>>>>> "Pete" == Pete Rowley <[EMAIL PROTECTED]> writes: > > Pete> It is a requirement if you require to support more than > Pete> authN. Access to a site might require an "I am over 21" > Pete> token, authZ without direct authN - DIX supports that, and I > Pete> believe it is important to do so. > > I think the over-21 example is particularly bad because I cannot > imagine a site (at least in the US) not taking responsibility for that > check themselves based on demographic data they request. It seems > like way too much of a risk to outsource this to an identity provider > especially if you allow identities from a number of different identity > providers.
I'm surprised to see you make this claim, since outsourced adult verification services for porn sites are extremely common. http://en.wikipedia.org/wiki/Adult_Verification_System -Ekr _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
