On 17-Mar-06, at 12:15 PM, Robert Yates wrote:
I agree that DIX should be able to move around all the identity
data you describe.

great, but I just want to clarify a point. dmd1 today can move
around all this identity data. The reason that dmd1 doesn't yet
fulfill our requirements is that it moves it too late in this
process for it to be useful to us. We need the data moved the
moment that a space owner adds a new user to the space.

To echo John's comments, why do you need this?

Do you also agree that DIX should allow the identity data to be
moved at this point?

I think to move the data as you describe, a tight coupling between
all parties is required.

Yes it is, except that DIX as proposed has the user present the
email, display name, jabber-id, to the application rather than
the application "looking it up".

do you envision a future draft with the "lookup" capability? in the
use case, as described, the identity data is needed and the user is
not around to present it.

Would be interested in hearing use cases for where this is needed
where the user had not already been there.

3 is not quite covered as we need more than just e-mails, we need
a display name, their jabber id so they can be instant messaged
and also their phone number.

Do you want those verified by a third party as well, or are you
ok that the user asserts those? If verified, then they would
need to be in an assertion. If not, then it is easy to move. In either
case, I think your problem statement is in scope for DIX.

Am a little confused here. If our application is installed by
Company X who wants to collaborate with members of Partner Y then
it is important that when we get identity information about a user
from Partner Y that it is Partner Y's homesite that is making the
assertions.

The Homesite is the user's agent for managing their data. Liberty
deployments typically combine the identifier authentication and
property assertion operations. DIX is wanting to separate those so
that you can provide third party claims from many authoritative sites
in a single request, and that the Homesite does NOT need to be trusted.
i.e. AT&T may claim that my persona has a phone number, VeriSign that
I have a specific email address, and Air Canada that I am Star
Alliance Gold. Company X needs to trust AT&T, VeriSign and Star
Alliance -- but not my Homesite.

p.s. just to be clear I am not a "pull" junkie. I just have
problems :)

Don't we all? I'm no exception to having problems. ;-)
-- Dick
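The trust model sketched in the reply above (several authoritative sites each sign one property claim, the Homesite only bundles them, and the relying party checks each claim against the issuer it trusts rather than trusting the Homesite) as an added illustration in Go. This is not code from the DIX drafts or from anyone in this thread; the issuer names, the JSON claim layout, the persona identifier and the choice of Ed25519 are all assumptions of the example, not anything DIX specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Claim is one property assertion about a persona, made by one authoritative site.
// The field layout is an assumption of this example, not a DIX wire format.
type Claim struct {
	Issuer   string `json:"issuer"`
	Subject  string `json:"subject"` // persona identifier the user presented (constructed)
	Property string `json:"property"`
	Value    string `json:"value"`
}

// SignedClaim is the serialized claim plus the issuer's Ed25519 signature.
type SignedClaim struct {
	Payload   []byte
	Signature []byte
}

// Issuer is a site authoritative for some property (all names below are hypothetical).
type Issuer struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewIssuer(name string) *Issuer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the system RNG is unavailable
	}
	return &Issuer{Name: name, Pub: pub, priv: priv}
}

// Sign produces a claim that anyone holding the issuer's public key can check.
func (i *Issuer) Sign(subject, property, value string) SignedClaim {
	payload, _ := json.Marshal(Claim{Issuer: i.Name, Subject: subject, Property: property, Value: value})
	return SignedClaim{Payload: payload, Signature: ed25519.Sign(i.priv, payload)}
}

// RelyingParty (Company X in the thread) trusts a fixed roster of issuers.
// The Homesite never appears in this roster: it can relay claims but not vouch for them.
type RelyingParty struct {
	Trusted map[string]ed25519.PublicKey
}

// Verify checks a bundle assembled by the Homesite and returns the verified properties.
// A claim from an issuer outside the roster, a claim altered in transit, or a claim
// about a different persona is rejected.
func (rp *RelyingParty) Verify(subject string, bundle []SignedClaim) (map[string]string, error) {
	props := make(map[string]string)
	for _, sc := range bundle {
		var c Claim
		if err := json.Unmarshal(sc.Payload, &c); err != nil {
			return nil, fmt.Errorf("malformed claim: %w", err)
		}
		pub, ok := rp.Trusted[c.Issuer]
		if !ok {
			return nil, fmt.Errorf("claim %q from untrusted issuer %q", c.Property, c.Issuer)
		}
		if !ed25519.Verify(pub, sc.Payload, sc.Signature) {
			return nil, fmt.Errorf("bad signature on %q claim attributed to %q", c.Property, c.Issuer)
		}
		if c.Subject != subject {
			return nil, fmt.Errorf("claim %q is about %q, not %q", c.Property, c.Subject, subject)
		}
		props[c.Property] = c.Value
	}
	return props, nil
}

// DemoResult holds the outcome of the honest bundle and of two Homesite misbehaviours.
type DemoResult struct {
	Props      map[string]string
	ForgedErr  error // Homesite signs a phone claim with its own key
	AlteredErr error // Homesite relays the carrier's claim but edits the value
}

// Demo runs the thread's scenario with constructed issuer names and values.
func Demo() DemoResult {
	carrier, mailAuth, airline := NewIssuer("carrier.example"), NewIssuer("mailauth.example"), NewIssuer("airline.example")
	homesite := NewIssuer("homesite.example") // has keys, but is not in the relying party's roster
	rp := &RelyingParty{Trusted: map[string]ed25519.PublicKey{
		carrier.Name: carrier.Pub, mailAuth.Name: mailAuth.Pub, airline.Name: airline.Pub,
	}}
	subject := "persona-1234" // constructed persona identifier

	honest := []SignedClaim{
		carrier.Sign(subject, "phone", "+1-555-0100"),
		mailAuth.Sign(subject, "email", "[email protected]"),
		airline.Sign(subject, "star_alliance_tier", "Gold"),
	}
	props, err := rp.Verify(subject, honest)
	if err != nil {
		panic(err)
	}

	forged := append(honest[:0:0], honest...)
	forged[0] = homesite.Sign(subject, "phone", "+1-555-0199")
	_, forgedErr := rp.Verify(subject, forged)

	altered := append(honest[:0:0], honest...)
	var c Claim
	_ = json.Unmarshal(altered[0].Payload, &c)
	c.Value = "+1-555-0199"
	altered[0].Payload, _ = json.Marshal(c) // signature no longer matches the payload
	_, alteredErr := rp.Verify(subject, altered)

	return DemoResult{Props: props, ForgedErr: forgedErr, AlteredErr: alteredErr}
}

func main() {
	r := Demo()
	fmt.Println("verified:", r.Props)
	fmt.Println("forged claim:", r.ForgedErr)
	fmt.Println("altered claim:", r.AlteredErr)
}
```

The point to take from it is the roster in RelyingParty: the relying party decides, per property, which issuer it believes, and the Homesite's own key is absent from that list, so bundling is the only thing the Homesite can do. Whether such claims are later bound to an authenticated identifier is a separate step the thread leaves open.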
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix