Re: [dix] draft-merrells-use-cases-00.txt

To: Digital Identity Exchange <dix at ietf.org>
Subject: Re: [dix] draft-merrells-use-cases-00.txt
From: Robert Yates <robyates70 at gmail.com>
Date: Wed, 29 Mar 2006 12:25:44 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=ehG02pUftqtMR5qnL16P52pQbQKASbQb9R7UpR8RMIjBTxm6xlhTQ3/mSPHsKHL9xMF3OMNHk0iUgnNzZfnOVPz/v9e7im2DlQHqBRVQzqGfvDW9Vt9XB6Dy2/U0pHuUoVO4FLWlzZqD5Nfluhx66iwM6iDy6fwatOWr5jD4itQ=
In-reply-to: <02F5C4B9-BDCB-4DA8-BE79-8EB447D5BDE6@sxip.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <02F5C4B9-BDCB-4DA8-BE79-8EB447D5BDE6@sxip.com>
Reply-to: Digital Identity Exchange <dix at ietf.org>
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

John Merrells wrote:

Here's a more formal write up the use cases that I posted to the list just before the BOF. They cover all the browser based 'Eliot's Dad' scenarios that have been on the list in the past week.

They look good and have clarified some points for me. I have some concerns about claims though below.

I've also written up a set of scenarios from Dick Hardt that cover various kinds of claims usage. The focus on these is the moving around of the claims, rather than the claims themselves.

The usability of the claims stuff worries me. The use cases are all written with the user previously acquiring a claim. What is the user experience if the user visits a site that requires a claim and the user does not have a claim. Are they sent to the appropriate site to get the claim? Will most users understand what a claim is? or does this all need to seemlessly happen? I think a use case that outlines this scenario should be added.

e.g.

Beth gives her friend, Adam at example.com, access to her photos.  Adam receives an email from Beth inviting him to view her photos.  He goes to the site, which requests a verified email claim.  His identity agent does not presently have such a claim.  His identity agent retrieves the required claim from his e-mail provider.  His identity agent then presents this claim and gains access to the photos Beth has published for him.

There may also be some use cases around expired claims that I think need to be present if claims are going to receive appropriate coverage.

I've not documented Lisa and Rob's non-browser based use cases for DIX over HTTP and other protocols, as I'm not necessarily familiar enough with each case to do them justice. I would however encourage the group to write them up though. Volunteers?


I'll take a stab at some.

Rob

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Follow-Ups:
- Re: [dix] draft-merrells-use-cases-00.txt
  - From: John Merrells

References:
- [dix] draft-merrells-use-cases-00.txt
  - From: John Merrells

Prev by Date: [dix] draft-merrells-use-cases-00.txt
Next by Date: Re: [dix] draft-merrells-use-cases-00.txt
Previous by thread: [dix] draft-merrells-use-cases-00.txt
Next by thread: Re: [dix] draft-merrells-use-cases-00.txt
Index(es):
- Date
- Thread

Re: [dix] draft-merrells-use-cases-00.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.