[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specifica
From: |
Hans Zandbelt |
Subject: |
Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft) |
Date: |
Mon, 07 Jan 2002 10:15:59 +0100 |
David,
At 08:56 1/6/2002 -0500, David Sugar wrote:
>That vendors and others would unfortunately still attempt to pray upon users
>is something that will be attempted regardless of who holds the information.
>That much we cannot solve but I agree we should not abet.
>
>Yes, IDsec does permit, even, to some degree, activily encourages the
>existance of "trusted" third parties to hold users personal data. This has
>both good and bad aspects and largely depends on who and how it is deployed.
>In this respect, it certainly does have risks if it came into widespread use.
>Certainly that same fact that commercial providers can host user profiles is
>both it's greatest strength for it makes it appealing to commercial entities
>to adopt, and it's weekness in that some of those same commercial entities
>will certainly try to take advantage of it and users as you suggest. Is
>several dozen tyrranies any better than one? In this I agree the answer is no.
We have to keep in mind here that it is all a matter of trust: if you don't
trust
a Profile Provider, you don't store your profile with that Profile Provider. If
you
don't trust a Content Provider, you won't give him access to your data. In my
opinion
if a Content Provider abuses your trust, you should have known better; there's
no system that can prevent this. The system can only enforce access policies.
>Perhaps I take the optimistic view on IDsec, and I think the question is very
>much worth debate and further discussion. I have wanted to see more
>discussion on IDsec and other proposals for quite some time now. Our goal is
>not to simply say "this is what DotGNU identity is, take it or leave it", but
>to arrive at the most correct and ethical solution that is technically
>feasable thru consensus. I happen to like IDsec because, while not
I agree completely. I don't want to push IDsec as a full DotGNU identity
solution; I just
think that it is a good basis to start from; I think it is a "natural" solution
to the
identity problem.
> perfect, it exists, it can be demonstrated, and it has potential, when used
> correctly, to achieve our goals. Of course, it certainly can also be
> abused....
About the code: I'm having trouble to get to code to Savannah because it uses
Sun JDK classes, which are not GPL compatible. I need to make changes to make
it compile under Kaffe, but I don't have the time to do it yet...
Hans.
------------------------------------------------------------
Hans Zandbelt address@hidden
Telematica Instituut http://www.telin.nl
P.O.Box 589, 7500 AN Phone: +31 53 4850445
Enschede, Netherlands Fax: +31 53 4850400
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), (continued)
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), David Sugar, 2002/01/05
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), John, 2002/01/05
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Rhys Weatherley, 2002/01/05
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Mike Warren, 2002/01/09
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Rhys Weatherley, 2002/01/09
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Hans Zandbelt, 2002/01/10
- [Auth]A real life case in Identity, Albert Scherbinsky, 2002/01/10
- Re: [Auth]A real life case in Identity, Albert Scherbinsky, 2002/01/11
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Mike Warren, 2002/01/11
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), David Sugar, 2002/01/06
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft),
Hans Zandbelt <=
- [Auth]A comment on terminology, Albert Scherbinsky, 2002/01/08
- Re: [Auth]A comment on terminology, Hans Zandbelt, 2002/01/08
- Re: [Auth]A comment on terminology, Norbert Bollow, 2002/01/08
- Re: [Auth]A comment on terminology, Albert Scherbinsky, 2002/01/08
- Re: [Auth]A comment on terminology, Hans Zandbelt, 2002/01/08
- Re: [Auth]A comment on terminology, David Sugar, 2002/01/08
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Hans Zandbelt, 2002/01/07
- Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft), Hans Zandbelt, 2002/01/07