[dix] Requirements



I'm new to what people are trying to do here, so please forgive my ignorance.

After reading the use cases document and the protocol document, I'm scratching my head as to where they meet. It would be helpful if the requirements derived from the use cases were explicitly documented, so that the proposed solution could be evaluated against the requirements; otherwise, any number of approaches would work.

Most of the Browser-Based use cases, for example, could be met by modern browsers that keep identifying information on behalf of users, possibly along with P3P and APPEL (to manage the users' preferences about releasing it). The only requirements there that aren't met have to do with portability of identity across devices, but that could be met by a persistence format.

I suspect that there are a few unwritten requirements implied here, including:

* That an "identity agent" be a separate network entity, potentially under the control of a separate party, which has its own identity.
* That currently deployed user agents be able to use them without modification.


Is this the case, and are there more? Knowing these kinds of assumptions and requirements would be helpful in evaluating this proposal.

Also, some discussion of what motivated the choice of SAML (which even its strongest proponents wouldn't call "simple") would be helpful.

Cheers,

--
Mark Nottingham
mnot at yahoo-inc.com

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix



