Re: [dix] Re: [Ietf-http-auth] BOF Request: WARP - Web Authentication Resistant to Phishing
>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
Eric> Sam Hartman <hartmans-ietf at mit.edu> writes:
>>>>>>> "Pete" == Pete Rowley <prowley at redhat.com> writes:
>>
Pete> It is a requirement if you require to support more than
Pete> authN. Access to a site might require an "I am over 21"
Pete> token, authZ without direct authN - DIX supports that, and I
Pete> believe it is important to do so.
>> I think the over-21 example is particularly bad because I
>> cannot imagine a site (at least in the US) not taking
>> responsibility for that check themselves based on demographic
>> data they request. It seems like way too much of a risk to
>> outsource this to an identity provider especially if you allow
>> identities from a number of different identity providers.
Eric> I'm surprised to see you make this claim, since outsourced
Eric> adult verification services for porn sites are extremely
Eric> common.
My point is that I expect the porn site to have a contract with some
verification service they trust and not to want to handle that data
transport through the identity exchange.