Re: [dix] Permanent IDs and how to obsolete an identity
On 5/1/2006 5:52 PM, "Charles Carrington" <cdcarr at us.ibm.com> wrote:
>
> I think it's virtually impossible to remove anything completely from the Web.
>
> I think we should concentrate on expiring the credentials associated with IDs.
> Driver's licenses and passports have expiration dates. PKI certs have
> expiration dates and revocation lists. Most IDs do not, and I think this is
> a feature that is sorely needed.
>
> Thus "permanent IDs are not allowable" might be a better approach.

Security tokens expire, true, and they should. Identifiers for such tokens
should not be required to do so.

DNS-based identifiers have an implicit expiration which is renewable.

The challenge for many users is that they do not control the DNS portion of
their identifier today... So when their IDP changes (for example),
generally, that requires a change of address. _THAT_, I think, is a true
problem.

=peterd (http://xri.net/=peterd)
_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.