All the schemes are taking privacy pretty seriously. One of the starting points here though is the observation that much of the privacy-sensitive personal data being collected at Web sites is not actually the data that is really wanted in the first place. Advertising-driven web sites want to know your demographic profile; they ask you for zip code and date of birth because they are proxies for that. In the process they obtain a 75% unique identifier.

If you are willing to use a custom client and a shared domain name you can create a cypherpunk-grade privacy solution pretty effectively with all the Identity 2.0 schemes. The key part is that each identifier binds to exactly one person, but each person can have multiple identifiers. So you could have a client that automatically binds new identities on the fly each time you go to a different Web site. The Shibboleth people did something of this sort on top of SAML.

> -----Original Message-----
> From: smb@xxxxxxxxxxxxxxx [mailto:smb@xxxxxxxxxxxxxxx]
> Sent: Sunday, February 12, 2006 7:16 PM
> To: Hallam-Baker, Phillip
> Cc: Richard Shockey; John Merrells; Ted Hardie; Hollenbeck, Scott; Lisa Dusseault; ietf@xxxxxxxx
> Subject: Re: IETF 65 BOF Announcement: Digital Identity Exchange (DIX)
>
> In message <198A730C2044DE4A96749D13E167AD3792A388@xxxxxxxxxxxxxxxxxxxxxxxxxxxxom>, "Hallam-Baker, Phillip" writes:
>
> >I am sure that the security area gurus will insist that the resulting
> >protocols will be proof against man in the middle attack and do not
> >result in passwords being exchanged en clair.
> >
>
> Actually, my bigger concern is privacy. I like to decouple the identity I use on different web sites....
>
> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf