12. Single Site Unlinkability (SSU)
The user should be able to visit the same site multiple times without
the site being able to tell that it is the same user, even if the user
is, for example, asserting the same external claims each time. This
protects the user's privacy. Obviously if data provided by the user is
unique to that user (for example, age and address combined are often
sufficient to uniquely identify a person) then no amount of cleverness
can provide SSU, but SSU should be available to the extent permitted
by the uniqueness of the data provided.

This is an interesting requirement and obviously of value, but
it's worth noting that there are contexts in which linkability
(CI) is precisely what's desired--blog comments, for example.

So, you wouldn't want to design a system that always provided SSU. :)

I think many of the requirements (no, haven't made a list yet) have the assumption of "when appropriate", or "when desired", where "desired" is some combination of what the user wants and what the application wants or will permit.

 - RL "Bob"


_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
