Subject Re: discussion on assurance
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Wed, 06 Jul 2011 01:15:30 +0100

On 05/07/2011 18:36, RL 'Bob' Morgan wrote:

But it is very important to note that it is perfectly fine to have some
non-assured identities living alongside ones with qualified assurance
(1, 2, eg) in the same IdM system. Just because my system has some
"shared accounts" doesn't mean that my system's
well-identified-individual accounts can't be LoA2. Of course my system
has to be able to distinguish between the two.

and be able to carry this in protocol to the relying party. Which is why LOA has to be part of the protocol, since this is a dynamic decision.




David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page:
Research Web site:
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5