Tuesday, April 08, 2008

X-ray Vision?

Faster than a speedy audit
More powerful than legislation
Able to see through SP firewalls
It's SuperIDP!

In discussing the relevance of the New Zealand government playing a role in citizen interaction with non-government applications (responding to Vikram's assertion that governments can do so when allowed to by the constituent citizens), Kim pulls a familiar arrow from his quiver:
If I lived in New Zealand I would be working to see that the Commission’s system is based on a minimal disclosure technology like U-Prove or Idemix. I would also be working to make sure the system avoids “redirection protocols” that give the identity provider complete visibility into how identity is used. (Redirection protocols unsuitable for this usage include SAML and WS-Federation, as well as OpenID).
(emphasis mine)

That must be some magic redirect sequence if it somehow gives the IDP 'complete visibility' into, beyond the where, the what, why, who and when of an SP's use of any identity it received from that IDP.

Personally, if I were an IDP that had such corporate X-ray vision (and no scruples about misusing it), I think I'd be applying it to see what Google was up to rather than on my federation partner SPs. And of course, on the girls' change room at school.

Separately, should not Kim's list of mechanisms that give the IDP partial visibility into a user's SP activities be extended?
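
As an added illustration (not part of the original post), the sketch below builds a SAML HTTP-Redirect AuthnRequest as an SP would and then decodes it as the IDP would, listing what the request leg of the redirect discloses about the SP visit: which SP, when, and where to reply. The hosts sp.example and idp.example, the request contents and the function names are constructed for the example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request; sp.example and idp.example are placeholders.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1b2c3" '
    'Version="2.0" IssueInstant="2008-04-08T09:30:00Z" '
    'AssertionConsumerServiceURL="https://sp.example/acs">'
    '<saml:Issuer>https://sp.example/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>')


def sp_build_redirect(xml, relay_state):
    """SP side: raw-DEFLATE, base64 and URL-encode (HTTP-Redirect binding)."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = raw DEFLATE, no header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return "https://idp.example/sso?" + query


def idp_view(url):
    """IDP side: the facts about the SP visit that the redirect itself carries."""
    params = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # Constructed input only; a real IDP would use a hardened XML parser.
    root = ET.fromstring(raw)
    return {
        "where": root.findtext("saml:Issuer", namespaces=NS),   # which SP
        "when": root.get("IssueInstant"),                       # time of visit
        "reply_to": root.get("AssertionConsumerServiceURL"),
        "relay_state": params.get("RelayState", [""])[0],       # opaque to the IDP
    }


if __name__ == "__main__":
    for key, value in idp_view(sp_build_redirect(AUTHN_REQUEST, "opaque-7f3a")).items():
        print(f"{key:12} {value}")
```

Nothing in the decoded request describes what the SP later does with the identity it receives; the RelayState value is a token only the SP can interpret.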

