dotgnu-auth
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]ISsec Profile Providers (was Re: IDsec meeting)

From: David Sugar
Subject: Re: [Auth]ISsec Profile Providers (was Re: IDsec meeting)
Date: Sat, 01 Dec 2001 06:55:05 -0500
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914
It is certainly possible that some content providers could well choose not to support assertions of identity held and provided by an individual user's daemon or even from companies or some profile providers. In the IDsec model there is a back channel between the content provider and identity provider, and it's quite possible a given content provider will choose to only accept identity information as provided from certain specific identity providers. However, such content providers will of course be limiting their own customer base, so one would think it would not be in their best interest to do this, especially if businesses commonly use their own local identity servers for employee initiated interactions. The more disperse identity can be served, the better. 

David

Mike Warren wrote:


David Sugar <address@hidden> writes:


In the IDsec implimentation you can run a completely authoratitive
"Profile Provider" on your own individual workstation if you wish
and choose to do so, and thereby need not trust anyone else with
your data. The idea that providers of identity can exist, and that
they can operate at any level, from an internet wide service
provider to something an individual company might run, or even an
individual user, has always been consistent and a key goal in DotGNU
to protect privacy. I happen to like the IDsec implimentation
particularly for this reason personally.



I agree with this; I certainly didn't mean to imply that Profile
Providers had to be some central authority (just that the user must
trust their Profile Provider, which could just be
themselves). Realistically, however, a Web service which wants
verifiable-correct data isn't going to trust a Profile Provider run by
a single user (if they just want ``some'' data [i.e. like current
``please register to see our content'' Web sites] and don't really
care how valid it is, then they'll do fine to trust such Providers).
reply via email to
[Prev in Thread] Current Thread [Next in Thread]