[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Freport Update
From: |
Hans Zandbelt |
Subject: |
Re: [Auth]Freport Update |
Date: |
Fri, 15 Mar 2002 10:29:28 +0100 |
At 02:54 3/15/2002 -0600, John wrote:
>That's it. Although ID-Sec has been much better supported, I still see
>it's failure to protect the "sites-visited meta-data" as a major
>departure from DotGNU's original edict of fully protecting customer
This is *not* an IDsec problem!
IDsec in itself *does* guarantee that Profile Requesters cannot relate
eachothers data by using "meaningless" session identifiers!
However it depends on the nature and the amount of the
data itself that you give to Profile Requesters wether this will actually
work out: if you pass your private address to Profile Requester A and to Profile
Requester B, it's quite logical that they will be able to associate
these visits with the same person ... This is not an IDsec problem:
it's a problem that you would have with these Profile Requesters.
You shouldn't give this kind of profile data to malicious Profile Requesters;
The only thing IDsec can do is that it won't give this kind of data to
Profile Requesters that you don't trust.
As a matter of fact, Service Providers today can easily assemble user
profiles bases on client IP addresses. This is also an issue that will
not be solved and that is out of scope here.
I have explained this before and you can read it in the draft
specification. Please do so before making this kind of statements!
Regards,
Hans.
------------------------------------------------------------
Hans Zandbelt address@hidden
Telematica Instituut http://www.telin.nl
P.O.Box 589, 7500 AN Phone: +31 53 4850445
Enschede, Netherlands Fax: +31 53 4850400
- [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update,
Hans Zandbelt <=
- Re: [Auth]Freport Update, David Sugar, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update, Norbert Bollow, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/16
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/16
- Re: [Auth]Freport Update, David Sugar, 2002/03/16
- Re: [Auth]Freport Update, John, 2002/03/16
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/16