dotgnu-auth

Re: [Auth]Re: What I perceive is wrong with IDsec (was IDsec specifica


From: Hans Zandbelt
Subject: Re: [Auth]Re: What I perceive is wrong with IDsec (was IDsec specification draft)
Date: Mon, 07 Jan 2002 10:15:59 +0100

David,

At 08:56 1/6/2002 -0500, David Sugar wrote:
>That vendors and others would unfortunately still attempt to prey upon users 
>is something that will be attempted regardless of who holds the information.  
>That much we cannot solve but I agree we should not abet.
>
>Yes, IDsec does permit, even, to some degree, actively encourages the 
>existence of "trusted" third parties to hold users' personal data.  This has 
>both good and bad aspects and largely depends on who and how it is deployed.  
>In this respect, it certainly does have risks if it came into widespread use.  
>Certainly that same fact that commercial providers can host user profiles is 
>both its greatest strength for it makes it appealing to commercial entities 
>to adopt, and its weakness in that some of those same commercial entities 
>will certainly try to take advantage of it and users as you suggest.  Is 
>several dozen tyrannies any better than one?  In this I agree the answer is no.

We have to keep in mind here that it is all a matter of trust: if you don't trust
a Profile Provider, you don't store your profile with that Profile Provider. If you
don't trust a Content Provider, you won't give him access to your data. In my opinion
if a Content Provider abuses your trust, you should have known better; there's
no system that can prevent this. The system can only enforce access policies.

>Perhaps I take the optimistic view on IDsec, and I think the question is very 
>much worth debate and further discussion.  I have wanted to see more 
>discussion on IDsec and other proposals for quite some time now. Our goal is 
>not to simply say "this is what DotGNU identity is, take it or leave it", but 
>to arrive at the most correct and ethical solution that is technically 
>feasible thru consensus.  I happen to like IDsec because, while not

I agree completely. I don't want to push IDsec as a full DotGNU identity solution;
I just think that it is a good basis to start from; I think it is a "natural"
solution to the identity problem.

> perfect, it exists, it can be demonstrated, and it has potential, when used 
> correctly, to achieve our goals.  Of course, it certainly can also be 
> abused....

About the code: I'm having trouble getting the code to Savannah because it uses
Sun JDK classes, which are not GPL compatible. I need to make changes to make
it compile under Kaffe, but I don't have the time to do it yet...

Hans.


------------------------------------------------------------
Hans Zandbelt                         address@hidden 
Telematica Instituut                     http://www.telin.nl 
P.O.Box 589, 7500 AN                   Phone: +31 53 4850445 
Enschede, Netherlands                    Fax: +31 53 4850400 


