>>>>> "Ivan" == Ivan Popov <pin_at_medic.chalmers.se> writes:

    Ivan> I'd like to give, say, a login process at site A an identity
    Ivan> name ensured by site B, so that the login program would
    Ivan> painlessly and securely verify my proof via B -

I don't really understand the application, though. A passport, as you say, is purely authentication, and doesn't provide authorization for real services. It just allows "the authorities" to track the behavior of a particular identity.

I can understand why "the authorities" would want this, but from the point of view of a service user, what is the benefit of this? I suppose some users could benefit by obtaining services essentially anonymously on the strength of having an identity vouched for by a particular authority (MasterCard?), but I don't see why this requires a global namespace uniquely identifying users.

We already have Kerberos and SSH which have some of these features; what new applications would be enabled by (eg) allowing TGTs from multiple Kerberos realms at a given host?

--
Institute of Policy and Planning Sciences
http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba
Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.

Received on 2004-01-20 00:15:43