>>>>> "Eric" == Eric Rescorla <[EMAIL PROTECTED]> writes:
Eric> Sam Hartman <[EMAIL PROTECTED]> writes:
>>>>>>> "Pete" == Pete Rowley <[EMAIL PROTECTED]> writes:
>>
Pete> It is a requirement if you require to support more than
Pete> authN. Access to a site might require an "I am over 21"
Pete> token, authZ without direct authN - DIX supports that, and I
Pete> believe it is important to do so.
>> I think the over-21 example is particularly bad because I
>> cannot imagine a site (at least in the US) not taking
>> responsibility for that check themselves based on demographic
>> data they request. It seems like way too much of a risk to
>> outsource this to an identity provider especially if you allow
>> identities from a number of different identity providers.
Eric> I'm surprised to see you make this claim, since outsourced
Eric> adult verification services for porn sites are extremely
Eric> common.
My point is that I expect the porn site to have a contract with some
verification service they trust and not to want to handle that data
transport through the identity exchange.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
