Vittorio Bertola wrote:
> I see this as one of the many manifestations of possibly the biggest shortcoming in the original design of the Internet's architecture, i.e. not having an "identity layer" taking care of user authentication and information sharing in a uniform way below all application protocols.

That's just impossible because the unit of identification (company, site, family, individual, host, process in a host etc.) and the required security are different case by case depending on applications.

According to the end to end argument,

    The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system

some knowledge available at the application layer is essentially required.

Moreover, knowledge merely at the application layer is often not enough. For example, even if the application is limited to e-mail, the required security for identification depends on the amount of possible loss caused by a security breach, which may be $1, $1k, $1M or $1G, "knowledge" on which is available at the upper sublayer of the application layer.

Masataka Ohta