Hi Klaas,

On 2/13/12 9:41 PM, "ext Klaas Wierenga" <[email protected]> wrote:

> I guess there is still another case, that of the inability of the identity
> asserting party to know what entities the subject has a protocol run with.
> Example, I may have to show ID to get a beer, but the passport authority
> doesn't know I bought a beer.

I have heard about this property in the context of the NSTIC project and there were actually two variants of it:

1) two different relying parties should not be able to tell that the same user has logged in to both of them by comparing their login logs. Here I would just use the term anonymity or pseudonymity of the subject towards the individual relying parties.

2) the identity provider should not be able to keep track of which relying parties are being used by the subject. You are talking about this one. Here I would use the term relationship anonymity. In the draft I used the example of a MIX-net whereby the attacker is assumed to observe every communication between the sender and the receiver. In your description, I believe, you implicitly assume that the identity provider (passport authority) does not get to see every message that the subject exchanges with the relying party.

In any case, it is a good example. I could add it as an additional example to the draft since it gets frequently mentioned in identity management discussions these days.

Ciao
Hannes
