Hmm, interesting.... I am picturing flows like:
- I think this is Sam, can you confirm?
- ok, is it Josh then?

Etc. Etc. ad nauseam

Klaas

Sent from my iPad

On Mar 7, 2011, at 11:03 PM, "Josh Howlett" <[email protected]> wrote:

>> So, Josh, I'd like to confirm that one consequence of what you're saying
>> is that it would be entirely fine for an implementation to use NAIs
>> including the actual username and for the IDP to only accept the NAI if
>> the email address was correct?
>
> I believe that is correct.
>
> When I was discussing this with our regulatory person, I framed the question
> using a pseudonymous identifier by way of example (because that's how we
> normally think about these problems) but he strongly implied that the
> principle is equivalently applicable to other less privacy-preserving
> identifiers. The key point is that the IdP isn't releasing information --
> which is the legislation's basic test -- only an opinion. However, I'll ask
> him to explicitly ack your example tomorrow.
>
> Josh.
>
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
>
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
