I'm new to what people are trying to do here, so please forgive my
ignorance.
After reading the use cases document and the protocol document, I'm
scratching my head as to where they meet. It would be helpful if the
requirements derived from the use cases were explicitly documented,
so that the proposed solution could be evaluated against the
requirements; otherwise, any number of approaches would work.
Most of the Browser-Based use cases, for example, could be met by
modern browsers that keep identifying information on behalf of users,
possibly along with P3P and APPEL (to manage the users' preferences
about releasing it). The only requirements there that aren't met
have to do with portability of identity across devices, but that
could be met by a persistence format.
I suspect that there are a few unwritten requirements implied here,
including:
* That an "identity agent" be a separate network entity, potentially
under the control of a separate party, which has its own identity.
* That currently deployed user agents be able to use them without
modification.
Is this the case, and are there more? Knowing these kinds of
assumptions and requirements would be helpful in evaluating this
proposal.
Also, some discussion of what motivated the choice of SAML (which
even its strongest proponents wouldn't call "simple") would be helpful.
Cheers,
--
Mark Nottingham
[EMAIL PROTECTED]
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix