On the plane to IETF I realised that there were several more potential requirements to add to ekr's list:
12. Single Site Unlinkability (SSU) The user should be able to visit the same site multiple times without the site being able to tell that it is the same user, even if the user is, for example, asserting the same external claims each time. This protects the user's privacy. Obviously if data provided by the user is unique to that user (for example, age and address combined are often sufficient to uniquely identify a person) then no amount of cleverness can provide SSU, but SSU should be available to the extent permitted by the uniqueness of the data provided. 13. Multiple Site Unlinkability (MSU) The user should be able to visit multiple sites without the sites being able to collude to correlate the data provided by the user. This is a weaker requirement than SSU (that is, MSU does not guarantee SSU). Again, this protects the user's privacy. 14. Attack Resistant Credentials (ARC) Credentials should be such that the (computationally limited) verifier cannot reconstruct the original credential by brute force. Note that the impossibility of this may rely on the user choosing strong secrets, which is often unlikely, for example where the sole source of entropy is a password. 15. Claim Minimality (CM) The ability to show only exactly what is needed, (for example, the user is over 21 rather than the user's exact age, or if there are mutlple claims the ability to show a subset). This improves privacy and reduces linkability. _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
