Patrick O'Hara
Thu, 26 Aug 1999 08:31:21 -0700
Date sent: Tue, 24 Aug 1999 17:37:34 +0200 (CEST) From: "A.R. (Tom) Peters" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: certification database and privacy Send reply to: [EMAIL PROTECTED] I prefer the unique generated ID. > C) generated unique ID (number) > + unique, unambiguous > - semi-secret (what is the ID of a certain person?) I like the semi-secret nature. This means that I have to be involved in people find out about my certification level. I would not want every head hunter in South East Wisconsin calling me because my name is on the list. This also has the advantage that the ID has no other purpose. As it has already been pointed out, it is illegal to request a Social Security Number (See Federal Privacy Act of 1974). The reason is that so much can be done with a persons Social Security Number. A LPI ID can only be used to check certification level. > - not personal: people may claim an ID that isn't theirs but they know > it has a high level of certification; how can an outsider check the fraud? The Query should return the status and name of the individual. An employer can ask for further verification by requiring the candidate to present thier certificate. Most certifying bodies even give you a picture ID card. This card has the individuals ID, Name and Picture on it. Ultimately, all of this could be faked, except that it must also match your database. I believe this would be a reasonably secure system. > - easy to poll for the certification status of all candidates (by > polling all possible ID's) instead of just an individual. By returning the status for only one candidate at a time you can limit general searches a great deal. Most people do not have the patience to create a list and start going through every possible combination. Though this could be automated, most people do not have the skills to do that. Even if the system was breached, a person would alk away with a list of IDs, Names and Certification levels. This is not a serious infringement on a persons privacy. I believe that the best system would be to use generated unique IDs, and return the persons Name and Certification level. Pat O'Hara Techneex V: (414)405-7348 F: (414)769-0092 E: [EMAIL PROTECTED] ________________________________________________________________________ This message was sent by the linux-cert mailing list. To unsubscribe: echo unsubscribe | mail -s '' [EMAIL PROTECTED]