Re: [Auth]Re: What I percieve is wrong with IDsec (was IDsec specification draft)

[Hans Zandbelt]

At 16:58 1/9/2002 -0700, Mike Warren wrote:
>I fail to see the point of IDsec if it's just a glorified form-filling
>solution with the possibility of storing the data elsewhere; what
>about the *real* problem of *trustworthy* identity information.

IDsec is all about getting the right user data from your own storage
to the Internet service provider. Indeed you could use some of
this data for web-form-filling, but you can also use specific
data to solve the problem of trustworthy identity information as
I illustrate below.

>If you tell me you're ``Rhys Weatherley'', that is probably perfectly
>fine for an email conversation about a project (and I don't need IDsec
>to tell me this) but what about when you're selling me a car and tell
>me via the Internet that you're ``Rhys Weatherley''. In that case, I
>want proof. I want some mutually trustworthy third party to say,
>``yes, Mike, he's really called Rhys Weatherley''.

The solution that IDsec can offer:
your profile data may contain a certificate that is signed by
the mutually trusted third party .

As you mention yourself, it is required that some mutually trustworthy
third party exists in this scenario; otherwise
such a scenario is not possible, with or without IDsec.

Hans.


------------------------------------------------------------
Hans Zandbelt                         address@hidden 
Telematica Instituut                     http://www.telin.nl 
P.O.Box 589, 7500 AN                   Phone: +31 53 4850445 
Enschede, Netherlands                    Fax: +31 53 4850400