On 7/14/06, RL 'Bob' Morgan <[EMAIL PROTECTED]> wrote:
>> 12. Single Site Unlinkability (SSU)
>> The user should be able to visit the same site multiple times without
>> the site being able to tell that it is the same user, even if the user
>> is, for example, asserting the same external claims each time. This
>> protects the user's privacy. Obviously if data provided by the user is
>> unique to that user (for example, age and address combined are often
>> sufficient to uniquely identify a person) then no amount of cleverness
>> can provide SSU, but SSU should be available to the extent permitted
>> by the uniqueness of the data provided.
>
> This is an interesting requirement and obviously of value, but
> it's worth noting that there are contexts in which linkability
> (CI) is precisely what's desired--blog comments, for example.
>
> So, you wouldn't want to design a system that always provided SSU. :)

I think many of the requirements (no, haven't made a list yet) have the assumption of "when appropriate", or "when desired", where "desired" is some combination of what the user wants and what the application wants or will permit.

Yeah, I see the list as being a list of things you might want, at this stage. Presumably at some point we have to choose which things we actually want, and which are optional or not-always-used.
- RL "Bob"
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
