Re: [dix] Proposed Charter for DIX Working Group

To: "Hallam-Baker, Phillip" <pbaker at verisign.com>
Subject: Re: [dix] Proposed Charter for DIX Working Group
From: John Merrells <MERRELLS at SXIP.COM>
Date: Fri, 13 Jan 2006 17:27:39 -0800
Cc: dix at ietf.org
In-reply-to: <198A730C2044DE4A96749D13E167AD3787A810@MOU1WNEXMB04.vcorp.ad.vrsn.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <198A730C2044DE4A96749D13E167AD3787A810@MOU1WNEXMB04.vcorp.ad.vrsn.com>
Sender: dix-bounces at ietf.org


On 13-Jan-06, at 1:56 PM, Hallam-Baker, Phillip wrote:

What did it mean to you when you read it? My understanding,
and I think the general understanding, is that 'identity' is
a thing that a person has.


Not to be too picky but your definition seems pretty close to the
definition Douglas Adams suggested for 'life'. The same thing could
apply to his glasses should he be wearing them.


Identity is a philosophical thing... i think people get that. 'Digital
Identity' seems to be the colloquial term people use for online
identity. I'm content that it means what I think it means.

I prefer to use the terms 'identifier' and assertions concerning an
identifier.


And, I think that 'an identity is identified by an
identifier'... and that 'attributes are bound to identifiers
by assertions'.

An identifier is a sign that stands for an identity.


Yes, we're in agreement. There's a paragraph in the charter that
explicitly points out that a fundamental thing to work out is what
an appropriate identifier is.

Reputation is part of the accountability approach. In slashdot you are
accountable to your reputation.
The three components of an accountability scheme are authentication, accreditation and consequences. You have to have a way of knowing who to hold accountable, you have to know whether you are likely to be able to hold them accountable, you have to know that if they defect they will face consequences.
Loss of reputation is one accountability strategy. However the SSL
scheme hangs together through the threat of legal consequences in the
case of a defection (at least with the high assurance CAs).

The text you're discussing is just an example. You seem to be saying that there's a more general solution than the reputation one I'm suggesting... fine... but for the purposes of an example I'd rather it were more specific than more general. Yeah?

I'm in total agreement. We don't want to go down that
rat-hole. We have limited the scope to how the user moves
their own identity information from their agent to a relying party.


I would suggest less talk then that could be construed as being stuff
that you don't intend to do. I have just been involved in getting the
DKIM group chartered and you won't believe what people managed to get
wrapped round their axles...


What do you think is missing from the 'out of scope' section?

John

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- RE: [dix] Proposed Charter for DIX Working Group
  - From: Hallam-Baker, Phillip

Prev by Date: Re: [dix] Proposed Charter for DIX Working Group
Next by Date: [dix] RE: attribute assertions
Previous by thread: Re: [dix] Proposed Charter for DIX Working Group
Next by thread: RE: [dix] Proposed Charter for DIX Working Group
Index(es):
- Date
- Thread

Re: [dix] Proposed Charter for DIX Working Group

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.