From: John Pugh
Subject: Re: [Auth]ISsec Profile Providers (was Re: IDsec meeting)
Date: Fri, 30 Nov 2001 18:06:32 -0700

Ok...this last email makes it a bit clearer.

>> The personal directory concept has this. Everyone can implement
>> they want and I can "subscribe" to the value added pieces that I
>> wish since everyone will have the choice to have a different
>> schema. The base schema will be the same across the board as it is
>> required to authenticate. But, that's the only control exerted.
>> allows me to vary my trust and not put all my eggs in the same
>> basket(s). Then I can build services on top of this consuming the
>> different attributes I need with a specific provider.

>I don't understand what you're getting at.

My point above was that there will be a base identity schema as you
depicted via XML. But as a provider, I want to provide other services or
add another layer of "service" to make my providing or service more
appealing. the IDSec space...can this be done? Or am I
looking in the wrong place?

With a personal directory providing the same "things" that IDSec does,
I can do this. I have a base schema that is required. But I have
providers that want to provide some value add and in order to do that
they need a different attribute...this would require a modified schema.
I can choose to take advantage of this value added service and update my
personal directory with this modified schema and associated attribute.
With XML, it's simple to do that and the interface can be automatically
modified to support the additional attribute AND the attribute/schema
can easily be limited to just that provider.

Maybe we are talking about 2 different things, but I need to provide
more than just an auth mechanism. I need to provide a way for businesses
to differentiate provided value. I don't see the ability
in this model. I am limited to what is created and it may or may not be
supported by the provider. If you consider a "personal directory"
everything I've mentioned in the past few emails is possible...even what
idsec and the other projects are doing can be incorporated into it and
the opportunity is there to make a much more robust system by allowing an
"end user" or consumer to have a single interface to disseminate varying
levels of identity for various services. By using the open standards
this can be "mixed" in with the other initiatives that the large banks,
the federal government(s), etc. are already doing without them having to
implement "other" systems.

I'm struggling with the need to re-invent the wheel here...or maybe
that's what you want to do? I'm not sure.

Thanks for reading...I'll stop if I'm impeding progress. Just say so.
This IS good stuff.


