On Feb 20, 2012, at 6:16 PM, Rhys Smith wrote:

> On 15 Feb 2012, at 06:06, [email protected] wrote:
>
>>> Well, even more, the idp should not know at all which rp I talk to
>>> in the first place.
>>
>> It is a strong privacy requirement. I doubt solutions in ABFAB can provide
>> this feature.
>
> Yes, ABFAB cannot do this natively.
>
> Though there are always ways around this. SAML cannot do this natively
> either, but the Cabinet Office (UK government) is in the middle of setting up
> a national federated infrastructure with exactly this property, which it
> achieves by having a gateway in the middle which mediates all traffic.

Right, which of course puts another entity in the middle that knows more
about your transactions than you might like..... ;-) What you really want is
to be able to have the IdP issue claims that are not specific to one relying
party and that you can wield with whatever RP you like, but that probably
requires a client-side implementation a la InfoCard.

> Note that this privacy requirement may well be asymmetric - there may be a
> difference between the IdP not being able to know about which RP the user is
> using, and the RP not knowing which IdP the user came from...

Yes, absolutely. And to echo what Hannes was saying, I am not at all
suggesting that there are currently protocols out there that satisfy all
privacy requirements. In fact sometimes a balance between privacy and
usability needs to be found: for example, from a privacy point of view it may
be nice to have a different pseudonymous identifier every time I use a
service, from a usability point of view however I may like the service to
maintain a history of my previous transactions.

Klaas

_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
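The privacy/usability balance Klaas describes (a fresh pseudonym per transaction versus one the service can build a history on) is what SAML persistent versus transient NameIDs, and later OIDC pairwise subject identifiers, trade off. The following is an added illustration, not code from the thread or from any ABFAB or SAML implementation: a toy IdP minting both kinds of subject identifier. The key, user name and RP identifiers are constructed for the example, and the HMAC-based pairwise derivation is one common construction, not a standard mandated one. It also makes the thread's first point concrete: the pairwise derivation takes the RP identifier as input, so this scheme gives per-RP unlinkability but cannot hide from the IdP which RP the user is visiting.

```python
"""Pairwise vs. per-transaction pseudonyms as a toy IdP would mint them.

Added example, not part of the mailing-list thread. The key, user id and
RP identifiers below are constructed for illustration.
"""
import hashlib
import hmac
import secrets

# Constructed long-lived IdP secret; a real IdP would keep this in an HSM
# or a secrets store, never in source.
IDP_PAIRWISE_KEY = secrets.token_bytes(32)


def pairwise_pseudonym(local_user_id: str, rp_id: str,
                       key: bytes = IDP_PAIRWISE_KEY) -> str:
    """Stable identifier for the (user, RP) pair.

    The RP sees the same subject on every login, so it can keep a history.
    Two RPs cannot correlate the user from the subject alone without the
    IdP's key. The derivation takes rp_id as input: the IdP has to know
    which RP it is talking to, which is exactly what the thread says
    ABFAB and SAML cannot hide.
    """
    # NUL separator keeps "rp-a" + "lice" from colliding with "rp-al" + "ice".
    msg = rp_id.encode() + b"\x00" + local_user_id.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def transient_pseudonym() -> str:
    """Fresh random identifier per transaction.

    Unlinkable even at a single RP, so the RP cannot keep a history of the
    user's previous transactions (the usability cost Klaas mentions).
    """
    return secrets.token_urlsafe(32)


def issue_assertion(local_user_id: str, rp_id: str, mode: str) -> dict:
    """Mint the subject part of an assertion for one RP in the given mode."""
    if mode == "pairwise":
        subject = pairwise_pseudonym(local_user_id, rp_id)
    elif mode == "transient":
        subject = transient_pseudonym()
    else:
        raise ValueError(f"unknown name-id mode: {mode}")
    # The audience field is what ties the assertion to one RP; the IdP
    # knows rp_id in both modes, so neither hides the RP from the IdP.
    return {"subject": subject, "audience": rp_id, "name_id_format": mode}


def rp_can_link(a: dict, b: dict) -> bool:
    """What a single RP, or two colluding RPs, can tell from the subjects."""
    return a["subject"] == b["subject"]


if __name__ == "__main__":
    alice = "alice@idp.example"          # constructed local user id
    rp_a, rp_b = "https://rp-a.example", "https://rp-b.example"
    a1 = issue_assertion(alice, rp_a, "pairwise")
    a2 = issue_assertion(alice, rp_a, "pairwise")
    b1 = issue_assertion(alice, rp_b, "pairwise")
    t1 = issue_assertion(alice, rp_a, "transient")
    t2 = issue_assertion(alice, rp_a, "transient")
    print("same RP, pairwise  (history possible):", rp_can_link(a1, a2))
    print("two RPs, pairwise  (correlation):     ", rp_can_link(a1, b1))
    print("same RP, transient (history possible):", rp_can_link(t1, t2))
```

Running it shows True, False, False: the pairwise subject lets one RP recognise the returning user while two RPs see unrelated values, and the transient subject gives neither. Whether the RP can learn which IdP the user came from (the asymmetric case Rhys raises) is not affected by either choice; that depends on how the assertion is signed and routed, not on the subject identifier.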
