Subject Re: draft charge, refeds working group on attribute release
From Rhys Smith <smith@xxxxxxxxxxxxx>
Date Wed, 6 Jul 2011 13:23:43 +0100

On 6 Jul 2011, at 13:01, David Chadwick wrote:

> I was only talking about identification first, because Steve asserted that this was all that was needed, and I wanted to point out that after you had done that, what you really wanted was authz. Identification is only needed if you want to track the user between transactions, otherwise authz on its own is sufficient. And identification can be done by simply adding another "uniquely identifying" attribute to the authz set. So in this sense, the use cases are the same.

We have way too many instances of completely overloaded terminology in this space. Federation, identification, authorisation - all mean different things to different people. No wonder we all have so many arguments and never get anywhere...

I personally wouldn't call tracking that a user is the same user who visited a week ago "identification" as that to me implies linkability to a real individual.

But that's an aside. I didn't think this thread had had enough of those yet...

Dr Rhys Smith                                   e: smith@xxxxxxxxxxxxx
Engineering Consultant: Identity & Access Management  (GPG:0xDE2F024C)
Information Services,
Cardiff University,                            t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff,                     f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom.                      m: +44 (0) 7968 087 821