>>>>> "Ivan" == Ivan Popov <[EMAIL PROTECTED]> writes:
Ivan> I'd like to give, say, a login process at site A an identity
Ivan> name ensured by site B, so that the login program would
Ivan> painlessly and securely verify my proof via B -

I don't really understand the application, though. A passport, as you
say, is purely authentication, and doesn't provide authorization for
real services. It just allows "the authorities" to track the behavior
of a particular identity. I can understand why "the authorities"
would want this, but from the point of view of a service user, what is
the benefit of this? I suppose some users could benefit by obtaining
services essentially anonymously on the strength of having an identity
vouched for by a particular authority (MasterCard?), but I don't see
why this requires a global namespace uniquely identifying users.

We already have Kerberos and SSH which have some of these features;
what new applications would be enabled by (e.g.) allowing TGTs from
multiple Kerberos realms at a given host?
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.