Date sent: Tue, 24 Aug 1999 17:37:34 +0200 (CEST)
From: "A.R. (Tom) Peters" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: certification database and privacy
Send reply to: [EMAIL PROTECTED]

I prefer the unique generated ID.
> C) generated unique ID (number)
> + unique, unambiguous
> - semi-secret (what is the ID of a certain person?)
I like the semi-secret nature. This means that I have to be involved
in people finding out about my certification level. I would not want
every head hunter in South East Wisconsin calling me because my
name is on the list.
This also has the advantage that the ID has no other purpose. As
it has already been pointed out, it is illegal to request a Social
Security Number (See Federal Privacy Act of 1974). The reason is
that so much can be done with a person's Social Security Number.
An LPI ID can only be used to check certification level.
> - not personal: people may claim an ID that isn't theirs but they know
> it has a high level of certification; how can an outsider check the fraud?
The Query should return the status and name of the individual. An
employer can ask for further verification by requiring the candidate
to present their certificate. Most certifying bodies even give you a
picture ID card. This card has the individual's ID, Name and Picture
on it. Ultimately, all of this could be faked, except that it must also
match your database. I believe this would be a reasonably secure
system.
> - easy to poll for the certification status of all candidates (by
> polling all possible ID's) instead of just an individual.
By returning the status for only one candidate at a time you can
limit general searches a great deal. Most people do not have the
patience to create a list and start going through every possible
combination. Though this could be automated, most people do not
have the skills to do that. Even if the system was breached, a
person would walk away with a list of IDs, Names and Certification
levels. This is not a serious infringement on a person's privacy.
I believe that the best system would be to use generated unique
IDs, and return the person's Name and Certification level.
Pat O'Hara
Techneex
V: (414)405-7348
F: (414)769-0092
E: [EMAIL PROTECTED]
________________________________________________________________________
This message was sent by the linux-cert mailing list.
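
Added example, not part of the original message or of any LPI system: a Python model of the lookup discussed above, with IDs drawn at random from a large space so that polling all possible IDs is impractical, one ID per query with per-client throttling, and the employer-side check that the returned name matches the candidate. The class and function names, the ID length and alphabet, the throttle limits and the sample names used with it are assumptions made for illustration.

```python
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O or 1/I

def new_cert_id(length=16):
    """Random ID with no other meaning: 32**16 = 2**80 possible values."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def guesses_per_hit(issued, length=16):
    """Average number of random guesses needed to hit one issued ID."""
    return len(ALPHABET) ** length // issued

class CertRegistry:
    """Hypothetical registry: one ID per query, throttled per client."""

    def __init__(self, max_queries=5, window=60.0):
        self.records = {}   # cert_id -> (name, level)
        self.history = {}   # client -> timestamps of recent queries
        self.max_queries, self.window = max_queries, window

    def enroll(self, name, level):
        cert_id = new_cert_id()
        while cert_id in self.records:      # regenerate on the rare collision
            cert_id = new_cert_id()
        self.records[cert_id] = (name, level)
        return cert_id

    def lookup(self, client, cert_id, now=None):
        """Return (status, record) for exactly one ID; count every attempt."""
        now = time.monotonic() if now is None else now
        recent = [t for t in self.history.get(client, []) if now - t < self.window]
        if len(recent) >= self.max_queries:
            self.history[client] = recent
            return "throttled", None
        self.history[client] = recent + [now]
        record = self.records.get(cert_id)
        return ("ok", record) if record else ("not_found", None)

def verify_claim(registry, client, cert_id, claimed_name, now=None):
    """Employer-side check: the ID must exist and name the candidate."""
    status, record = registry.lookup(client, cert_id, now)
    return status == "ok" and record[0].casefold() == claimed_name.casefold()
```

With 10,000 IDs issued, guesses_per_hit(10000) is above 10**20, so the throttle only has to stop casual polling; the size of the ID space does the rest.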