On 14 feb. 2012, at 16:08, Hannes Tschofenig <[email protected]> wrote:

> Hi Klaas,
>
> On 2/13/12 9:41 PM, "ext Klaas Wierenga" <[email protected]> wrote:
>
>> I guess there is still another case, that of the inability of the identity
>> asserting party to know what entities the subject has a protocol run with.
>> Example, I may have to show ID to get a beer, but the passport authority
>> doesn't know I bought a beer.
>
> I have heard about this property in the context of the NSTIC project and
> there were actually two variants of it:
>
> 1) two different relying parties should not be able to tell that the same
> user has logged in to both of them by comparing their login logs.

This property (targeted or directed identity) was not what I was referring to, but yes, you want a per session, per relying party (and in some cases for limited time) pseudonym

> Here I would just use the term anonymity or pseudonymity of the subject towards
> the individual relying parties.

See above, it goes beyond pseudonymity towards rp, it is about not sharing pseudonyms between parties

> 2) the identity provider should not be able to keep track of which relying
> parties are being used by the subject. You are talking about this one.

Yep

> Here I would use the term relationship anonymity. In the draft I used the
> example of a MIX-net whereby the attacker is assumed to observe every
> communication between the sender and the receiver. In your description, I
> believe, you implicitly assume that the identity provider (passport
> authority) does not get to see every message that the subject exchanges with
> the relying party

Well, even more, the idp should not know at all which rp I talk to in the first place.

> In any case, it is a good example. I could add it as an additional example
> to the draft since it gets frequently mentioned in identity management
> discussions these days.

Another example is paying cash for something that you don't want to be traced to you

Klaas

> Ciao
> Hannes
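
The following sketch is an added example and not part of the original message or of the draft under discussion. It illustrates variant 1 from the thread (per relying party and per session pseudonyms) by comparing what two relying parties can link from their login logs; the HMAC derivation, the key handling, the function names and the sample users and URLs are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the identity provider holds one secret key used only for deriving pseudonyms.
IDP_KEY = secrets.token_bytes(32)


def pseudonym(user_id, rp_id, session_id=None, epoch=None, key=IDP_KEY):
    """Derive a pseudonym scoped to one relying party, optionally also to one
    session and/or one time window (epoch)."""
    parts = [user_id, rp_id, session_id or "", str(epoch) if epoch is not None else ""]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def linkable(log_a, log_b):
    """Identifiers appearing in both logs: what two parties comparing their
    login logs could link."""
    return set(log_a) & set(log_b)


# Constructed sample data: three users logging in at two relying parties.
USERS = ["alice", "bob", "carol"]
RP_SHOP, RP_FORUM = "https://shop.example", "https://forum.example"

# Baseline: the same global identifier is released to every relying party.
global_shop = list(USERS)
global_forum = list(USERS)

# Per-relying-party pseudonyms: stable at one RP, different across RPs.
shop_log = [pseudonym(u, RP_SHOP) for u in USERS]
forum_log = [pseudonym(u, RP_FORUM) for u in USERS]

# Per-session pseudonyms: two visits by alice to the same RP do not match either.
visit_1 = pseudonym("alice", RP_SHOP, session_id=secrets.token_hex(8))
visit_2 = pseudonym("alice", RP_SHOP, session_id=secrets.token_hex(8))

if __name__ == "__main__":
    print("global ids linkable across RPs:", len(linkable(global_shop, global_forum)))
    print("pairwise pseudonyms linkable:  ", len(linkable(shop_log, forum_log)))
    print("same RP, two sessions equal:   ", visit_1 == visit_2)
```

In this sketch the identity provider takes `rp_id` as an input, so it still learns which relying party the subject talks to; the derivation covers variant 1 only and does not provide the property described as variant 2.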
