[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Freport Update
From: |
Hans Zandbelt |
Subject: |
Re: [Auth]Freport Update |
Date: |
Sat, 16 Mar 2002 13:19:00 +0100 |
> gain endorsement? Or as I phrased it originally, "do we go with code
> that's out there (ID-Sec, which provably misses on one requirement or
> another) or do we stick by our philosophical guns (and insist that
> projects meet the requirements)?"
???
Which one would be missing now considering the local Profile Manager?
I think we just concluded that it must be possible to create a local
Profile Manager client library; after all you use a similar concept
for Freport. I really don't see the difference here.
But I also want to get back to the IDsec remote Profile Manager:
I think the issues of trust that you see can equally be applied
to the party where someone would download/purchase/get/retrieve
the Freport sofware!
I'd say that this party is a good party for being a remote Profile
Manager, just as David stated.
And I can go on about assumptions and issues of trust that are not
IDsec specific:
- you trust the internet service provider that you use
to send out the Freport announcements, software and updates.
- you trust the e-mail software that you use to mail
about Freport.
- you trust the creator of the compiler that you use
to compile the Freport software.
- you trust the creator of the encryption techniques
that you use in Freport.
- you trust the DotGNU auth mailing list maintainer and the
software
As you can see there is always a trusted third party problem, and
a trusted communication channel problem even for a local Profile
Management system like Freport.
Can we agree that this is not an IDsec specific flaw?
Or does anyone have any new arguments?
If we agree I would like to take a look at Freport so we can align
Freport with the IDsec local Profile Manager API and hopefully
even combined with the Liberty Guardian.
Hans.
PS: the IDsec implementation as it exists is no threat to the DotGNU
auth system initial requirements or Freport; it is focussed
on remote Profile Management although non-average users can use it
for local Profile Management
- [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/15
- Re: [Auth]Freport Update, David Sugar, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/15
- Re: [Auth]Freport Update, Norbert Bollow, 2002/03/15
- Re: [Auth]Freport Update, John, 2002/03/16
- Re: [Auth]Freport Update,
Hans Zandbelt <=
- Re: [Auth]Freport Update, David Sugar, 2002/03/16
- Re: [Auth]Freport Update, John, 2002/03/16
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/16
- Re: [Auth]Freport Update, Mike Warren, 2002/03/20
- Re: [Auth]Freport Update, John, 2002/03/16
- Re: [Auth]Freport Update, Mike Warren, 2002/03/20
- Re: [Auth]Freport Update, Norbert Bollow, 2002/03/21
- [Auth]Can you trust Dubya with your Data?, Albert Scherbinsky, 2002/03/22
- Re: [Auth]Freport Update, Norbert Bollow, 2002/03/16
- Re: [Auth]Freport Update, Hans Zandbelt, 2002/03/15