On 20/02/2012 17:16, Rhys Smith wrote:
On 15 Feb 2012, at 06:06, [email protected] wrote:

> Well, even more, the idp should not know at all which rp I talk to
> in the first place.

It is a strong privacy requirement. I doubt solutions in ABFAB can
provide this feature.

Yes, ABFAB cannot do this natively.

Though there are always ways around this. SAML cannot do this natively
either, but the Cabinet Office (UK government) is in the middle of
setting up a national federated infrastructure with exactly this
property, which it achieves by having a gateway in the middle which
mediates all traffic.

Hmmm. The design of this is very questionable (and opaque). Full trust must be given to the gateway, without any assurance that it is trustworthy. It is not even mentioned in the trust assurance document.

regards

David


Note that this privacy requirement may well be asymmetric - there may be
a difference between the IdP not being able to know about which RP the
user is using, and the RP not knowing which IdP the user came from...

R.
--
Dr Rhys Smith
Identity, Access, and Middleware Specialist
Cardiff University & Janet - the UK's education and research network

email: [email protected] / [email protected]
GPG: 0xDE2F024C



_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy

--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: [email protected]
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
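The gateway-in-the-middle design discussed in this thread, as an added simulation that is not part of the original messages and is not the Cabinet Office design: a hub sits between an IdP and an RP and re-issues every request and assertion in its own name. The party names (idp.example, rp.example, hub.example), the use of HMAC-keyed tokens in place of signed SAML, and the user "alice" are all constructed for the illustration. Running it shows the three points made above: the IdP only ever sees the hub as the requester, so it cannot learn which RP the user visited; the RP only sees the hub as issuer, unless the hub is configured to pass the IdP name through (the asymmetric case Rhys raises); and the hub itself sees every link, which is why it has to be fully trusted.

```python
import hashlib
import hmac
import json

# Constructed shared secrets (assumption for this example): each IdP and each RP
# shares a key with the hub only, so an IdP cannot verify anything an RP produced
# and vice versa; all trust is routed through the hub. Real deployments use
# signed SAML, but HMAC is enough to show who can check what.
KEYS = {
    "idp.example": b"idp-hub-shared-secret",
    "rp.example": b"rp-hub-shared-secret",
}
HUB = "hub.example"


def sign(key: bytes, claims: dict) -> dict:
    """Produce a token whose MAC binds the canonically serialised claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(key: bytes, token: dict) -> dict:
    """Return the claims if the MAC checks out under `key`, otherwise raise."""
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["mac"]):
        raise ValueError("token not issued by a party holding this key")
    return token["claims"]


class IdP:
    def __init__(self, name: str):
        self.name, self.seen = name, []

    def handle(self, request: dict, user: str) -> dict:
        req = verify(KEYS[self.name], request)  # only the hub holds our key
        # Everything the IdP learns about the transaction is recorded here.
        self.seen.append({"user": user, "requester": req["issuer"]})
        return sign(KEYS[self.name],
                    {"issuer": self.name, "audience": req["issuer"], "subject": user})


class RP:
    def __init__(self, name: str):
        self.name, self.seen = name, []

    def request(self) -> dict:
        return sign(KEYS[self.name], {"issuer": self.name, "audience": HUB})

    def consume(self, assertion: dict) -> dict:
        claims = verify(KEYS[self.name], assertion)  # only the hub holds our key
        if claims["audience"] != self.name:
            raise ValueError("assertion not meant for this RP")
        self.seen.append(claims)
        return claims


class Hub:
    """Mediates every exchange, and therefore sees every exchange."""

    def __init__(self, reveal_idp: bool = False):
        self.reveal_idp, self.log = reveal_idp, []

    def broker(self, rp: RP, idp: IdP, user: str) -> dict:
        rp_req = verify(KEYS[rp.name], rp.request())
        # Re-issue the request in the hub's own name: the IdP never sees rp.name.
        idp_req = sign(KEYS[idp.name], {"issuer": HUB, "audience": idp.name})
        assertion = verify(KEYS[idp.name], idp.handle(idp_req, user))
        self.log.append({"rp": rp_req["issuer"], "idp": assertion["issuer"],
                         "user": assertion["subject"]})
        # Re-issue the assertion in the hub's own name for the RP.
        out = {"issuer": HUB, "audience": rp.name, "subject": assertion["subject"]}
        if self.reveal_idp:
            # Asymmetric variant: the RP learns the IdP, the IdP still not the RP.
            out["authenticating_idp"] = assertion["issuer"]
        return rp.consume(sign(KEYS[rp.name], out))


def run(reveal_idp: bool = False) -> dict:
    """Run one brokered login and return what each party ended up knowing."""
    idp, rp, hub = IdP("idp.example"), RP("rp.example"), Hub(reveal_idp)
    hub.broker(rp, idp, "alice")
    return {"idp_view": idp.seen, "rp_view": rp.seen, "hub_view": hub.log}


if __name__ == "__main__":
    for mode in (False, True):
        print("reveal_idp =", mode)
        for party, view in run(mode).items():
            print(f"  {party}: {view}")
```

Compare the three views in the output: the IdP's record names no RP and the RP's record names no IdP (in the default mode), while the hub's log holds the full (user, IdP, RP) triple for every transaction. Nothing in the protocol constrains what the hub does with that log, which is the trust question raised above.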
