David Sugar <address@hidden> writes:
In the IDsec implimentation you can run a completely authoratitive
"Profile Provider" on your own individual workstation if you wish
and choose to do so, and thereby need not trust anyone else with
your data. The idea that providers of identity can exist, and that
they can operate at any level, from an internet wide service
provider to something an individual company might run, or even an
individual user, has always been consistent and a key goal in DotGNU
to protect privacy. I happen to like the IDsec implimentation
particularly for this reason personally.
I agree with this; I certainly didn't mean to imply that Profile
Providers had to be some central authority (just that the user must
trust their Profile Provider, which could just be
themselves). Realistically, however, a Web service which wants
verifiable-correct data isn't going to trust a Profile Provider run by
a single user (if they just want ``some'' data [i.e. like current
``please register to see our content'' Web sites] and don't really
care how valid it is, then they'll do fine to trust such Providers).