Identifier portability: the fundamental issue
Marius Scurtescu
marius at sxip.com
Mon Oct 16 21:12:33 UTC 2006

On 16-Oct-06, at 2:01 PM, Josh Hoyt wrote:
> On 10/16/06, Marius Scurtescu <marius at sxip.com> wrote:
>> In this case you are better off opening a separate account with this
>> or some other IdP. The current delegation model will not protect you
>> at all. The delegate tag is in a publicly accessible Yadis document.
>>
>> I agree that anonymity is an important feature, but the current
>> solution gives you only a false sense of security.
>
> What's "the current solution" that you're talking about? As far as I

draft 10, the delegate tag in the Yadis document and the RP sending
only the delegate id to the IdP

> know, no one is suggesting portable identifiers as a way to achieve
> anonymity. I also do not think anyone is suggesting that IdP-driven
> identifier selection will make you anonymous *to the IdP.*

Right, but many people seem to be under the impression that this
delegate tag (or hiding the portable id from the IdP) will give you
some security or anonymity. I am not saying that this was the
original intent or that this is one of the goals.

Marius