Re: [spdx-tech] Identities

2023-02-06 Thread Joe Bussell via lists.spdx.org
via lists.spdx.org Sent: Monday, February 6, 2023 10:24 AM To: SPDX-list Subject: [EXTERNAL] [spdx-tech] Identities Gary, Yes. The W3C Distributed Identifiers Architecture<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.w3.org%2FTR%2Fdid-core%2F%23architecture-overview

[spdx-tech] Identities

2023-02-06 Thread David Kemp
provided would > support a BlockChain like approach which does not have a centralized > “authority”. > > > > Gary > > > > *From:* Spdx-tech@lists.spdx.org *On Behalf Of > *William Bartholomew (CELA) via lists.spdx.org > *Sent:* Wednesday, January 11, 2023 4:14 PM > *

Re: [spdx-tech] Identities

2023-01-22 Thread Vladimir Sitnikov
Upd: https://support.google.com/accounts/answer/61177 , https://github.com/sigstore/fulcio/issues/973#issuecomment-1399566544 Google, and Microsoft do not allow account reuse afted deletion. Vladimir -- Vladimir -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/

Re: [spdx-tech] Identities

2023-01-22 Thread Vladimir Sitnikov
>If "john_sm...@hotmail.com" is an active identity in 2021 and 2022, it is impossible to know if they are the same identity or two different identities Have you checked OIDC/OAuth? As someone passes the challenge, the authority responds with a unique id which is never reused for different identiti

Re: [spdx-tech] Identities

2023-01-15 Thread David Kemp
*William Bartholomew (CELA) via lists.spdx.org > *Sent:* Wednesday, January 11, 2023 4:14 PM > *To:* SPDX-list ; dk1...@gmail.com > *Subject:* Re: [spdx-tech] Identities > > > > These all seem reasonable to me. My only comment is that there may not be > a "formal" autho

Re: [spdx-tech] Identities

2023-01-12 Thread John Andersen
gt; *Sent:* Wednesday, January 11, 2023 4:14 PM > *To:* SPDX-list ; dk1...@gmail.com > *Subject:* Re: [spdx-tech] Identities > > > > These all seem reasonable to me. My only comment is that there may not be > a "formal" authority. For example, an identification sche

Re: [spdx-tech] Identities

2023-01-11 Thread Gary O'Neall
11, 2023 4:14 PM To: SPDX-list ; dk1...@gmail.com Subject: Re: [spdx-tech] Identities These all seem reasonable to me. My only comment is that there may not be a "formal" authority. For example, an identification scheme could use an algorithm to derive a globally unique identifier or

Re: [spdx-tech] Identities

2023-01-11 Thread William Bartholomew (CELA) via lists.spdx.org
outside of your normal working hours. From: Spdx-tech@lists.spdx.org on behalf of David Kemp via lists.spdx.org Sent: Wednesday, January 11, 2023 2:59 PM To: SPDX-list Subject: [EXTERNAL] [spdx-tech] Identities At the tech meeting we decided to accept the curren

[spdx-tech] Identities

2023-01-11 Thread David Kemp
At the tech meeting we decided to accept the current identity model and move forward without blocking the 3.0 release. The discussion covered many ideas on which no decisions were documented, and I wonder if we can reach agreement on these points while the discussion is still fresh, without allowi