Sam Hartman <[EMAIL PROTECTED]> writes:
> Yes, your understanding is correct.

Good. Then we have a basis to talk about them.

So, for reference here's my summary of the schemes in text form:

The way that DIX works is that you authenticate to the IDP which
hands you some credential which attests to some set of assertions
about you. In this case, said credential would contain the claim
that you were over 21. You'd then provide the credential to the
relying party.

In the scheme Sam is describing you would authenticate to the
relying party, possibly using something like DIX, but with some
scheme that gave the relying party your actual identity (true
name, SSN, drivers' license #, whatever). The relying party would
then independently contact some authority it trusted to find out
what it wanted to know (e.g., if you're over 21).

With respect to your original argument that relying parties will want
to have contractual arrangements with the third party authorities
they're getting information from, I certainly agree that that's true
in many cases, such as background checks, taxes, etc., where the
databases are all keyed by some sort of individual identifier (name,
phone number, driver's license number, SSN/TIN, etc.).

However, there are also many cases where it's untrue, with the most
obvious being the use of state-issued photographic ID for various
kinds of identification and age verification purposes. When a bar
checks my ID before serving, they're not relying on any
contract between them and the state of California.[0] So, I don't think
it's really accurate to say that asserting claims along the identity
exchange path isn't something that people are going to want to do in
general.

Moreover, true-name based systems like the one you describe have
quite poor privacy properties:

(1) it means handing out your true name all over the place.
(2) you have very little control or even visibility into
    what the third party gives to the relying party.
(3) the third party tends to collect a lot of information
    about your activities as a matter of course.

So, a system in which you could individually assert individual claims
without exposing a bunch of irrelevant but sensitive information would
have some advantages from a privacy perspective. I absolutely agree
with you that there are settings in which relying parties will
want to get your identity and then use that for their own research;
obviously if one designs a system without independently assertable
claims of this kind, then that will be the only thing they can do,
which seems like a bug.

-Ekr

[0] Yes, I realize that some states do license bars, but consider
the case of out-of-state or Federal ID if you want to be picky.

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix