Re: [Auth]ISsec Profile Providers (was Re: IDsec meeting)

[Mike Warren]

David Sugar <address@hidden> writes:

> In the IDsec implimentation you can run a completely authoratitive
> "Profile Provider" on your own individual workstation if you wish
> and choose to do so, and thereby need not trust anyone else with
> your data. The idea that providers of identity can exist, and that
> they can operate at any level, from an internet wide service
> provider to something an individual company might run, or even an
> individual user, has always been consistent and a key goal in DotGNU
> to protect privacy. I happen to like the IDsec implimentation
> particularly for this reason personally.

I agree with this; I certainly didn't mean to imply that Profile
Providers had to be some central authority (just that the user must
trust their Profile Provider, which could just be
themselves). Realistically, however, a Web service which wants
verifiable-correct data isn't going to trust a Profile Provider run by
a single user (if they just want ``some'' data [i.e. like current
``please register to see our content'' Web sites] and don't really
care how valid it is, then they'll do fine to trust such Providers).

-- 
address@hidden
<URL:http://www.mike-warren.com>
GPG: 0x579911BD :: 87F2 4D98 BDB0 0E90 EE2A  0CF9 1087 0884 5799 11BD