>>>>> "David" == David Chadwick <[email protected]> writes:
David> Hi Sam
David> On 23/09/2013 13:33, Sam Hartman wrote:
>>>>>>> "David" == David Chadwick <[email protected]> writes:
>>
>>
>> I do not support this change.
David> Which change do you not support a) saying that this is a
David> major deficiency in existing federated systems b) saying that
David> Abfab should fix this c) both
>>
I do not support either change.
I'd be comfortable adding a statement that the ABFAB architecture does
not provide a specific way for the user to inform the IDP about the
user's requirements for attribute releases.
Whether that's a major deficiency depends on what you're doing.
I agree there are cases where it is.
>>
>> I'd argue that trying to fix the consent problem in a general
>> manner at the federation layer may have done more harm over the
>> years than the privacy problem that is trying to be addressed.
David> Actually in my previous research we fixed this in a layer
David> above the federation layer, which we called the attribute
David> aggregation layer. So I agree that it is best to not fix it
David> in the federation layer.
>>
>>
David> iii) I don't buy into your whiteboard example of single entity
David> authentication, because a hacked whiteboard could trick the
David> user into opening the wrong file, which could be disastrous
David> during an important business meeting. So mutual
David> authentication is needed here as well. If you want an example
David> where mutual authentication is not important, it's one where
David> either the information being accessed is of very little value
David> to the accessor so that it does not matter if it is erroneous
David> information or not, or one where it does not matter who the
David> accessor is, i.e. it's public information.
>>
>> Most of the tools I'm familiar with for screen sharing etc would
>> not allow the white board to pick the presentation/file.
David> Meaning that the user sends an already chosen file to the
David> whiteboard? In which case I agree with you.
Exactly.
So, let's make it clear that it's critical that the user's software not
trust input from the white board without mutual authentication.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab