On 7/14/06, RL 'Bob' Morgan <rlmorgan washington.edu> wrote:
>
> >> 12. Single Site Unlinkability (SSU)
> >> The user should be able to visit the same site multiple times without
> >> the site being able to tell that it is the same user, even if the user
> >> is, for example, asserting the same external claims each time. This
> >> protects the user's privacy. Obviously if data provided by the user is
> >> unique to that user (for example, age and address combined are often
> >> sufficient to uniquely identify a person) then no amount of cleverness
> >> can provide SSU, but SSU should be available to the extent permitted
> >> by the uniqueness of the data provided.
> >
> > This is an interesting requirement and obviously of value, but
> > it's worth noting that there are contexts in which linkability
> > (CI) is precisely what's desired--blog comments, for example.
> >
> > So, you wouldn't want to design a system that always provided SSU.
>
> I think many of the requirements (no, haven't made a list yet) have the
> assumption of "when appropriate", or "when desired", where "desired" is
> some combination of what the user wants and what the application wants or
> will permit.

Yeah, I see the list as being a list of things you might want, at this
stage. Presumably at some point we have to choose which things we
actually want, and which are optional or not-always-used.

>
> - RL "Bob"
>
>
_______________________________________________
Ietf-http-auth mailing list
Ietf-http-auth osafoundation.org
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth