Hi David, this specific case seems to have pretty tough privacy requirements: you want to avoid having relying parties to know who the identity providers are AND also want to avoid letting identity providers know which relying parties data subjects talk to AND finally you want to avoid collusion among relying parties to learn more about data subjects.
It is interesting to see how a set of privacy requirements produce a system that has questionable privacy properties... Ciao Hannes PS: Whenever one talks about trust it is useful to mention 'who is trusted by whom to do what'. On Feb 22, 2012, at 12:37 AM, David Chadwick wrote: > > > On 20/02/2012 17:16, Rhys Smith wrote: >> On 15 Feb 2012, at 06:06, [email protected] >> <mailto:[email protected]> wrote: >> >>> > Well, even more, the idp should not know at all which rp I talk to >>> > in the first place. >>> >>> It is a strong privacy reqirement. Idoubt solutions in ABFAB can >>> provide this feature. >> >> Yes, ABFAB cannot do this natively. >> >> Though there are always ways around this. SAML cannot do this natively >> either, but the Cabinet Office (UK government) is in the middle of >> setting up a national federated infrastructure with exactly this >> properly, which it achieves by having a gateway in the middle which >> mediates all traffic. > > Hmmm. the design of this is very questionnable (and opaque). Full trust must > be given to the gateway, without any assurance that it is trustworthy. It is > not even mentioned in the trust assurance document. > > regards > > David > >> >> Note that this privacy requirement may well be asymmetric - there may be >> a difference between the IdP not being able to know about which RP the >> user is using, and the RP not knowing which IdP the user came from... >> >> R. >> -- >> Dr Rhys Smith >> Identity, Access, and Middleware Specialist >> Cardiff University & Janet - the UK's education and research network >> >> email: [email protected] <mailto:[email protected]> / >> [email protected] <mailto:[email protected]> >> GPG: 0xDE2F024C >> >> >> >> _______________________________________________ >> ietf-privacy mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ietf-privacy > > -- > > ***************************************************************** > David W. Chadwick, BSc PhD > Professor of Information Systems Security > School of Computing, University of Kent, Canterbury, CT2 7NF > Skype Name: davidwchadwick > Tel: +44 1227 82 3221 > Fax +44 1227 762 811 > Mobile: +44 77 96 44 7184 > Email: [email protected] > Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html > Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html > Entrust key validation string: MLJ9-DU5T-HV8J > PGP Key ID is 0xBC238DE5 > > ***************************************************************** > _______________________________________________ > ietf-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf-privacy _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
