OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Anonymity "Executive Summary" and pre-note

Dear SAMLers,

   I am the current 'champion' of the anonymity
   I would like to hand over this role to someone
else.  As part of the possible hand-off, Jeff Hodges asked
me to write up on anonymity and SAML.  Since there is
a fair bit to say, I've divided my discussion into
this "pre-note" and the real thing.  This pre-note
includes a very concise Executive Summary for those of you
who don't have the time or inclination to
read the (really interesting!) longer note.
   Those of you who intend to read the longer note
should read this pre-note first.

   In performing the write up, I've reviewed the
discussions on the SAML list and I've done research
on the web. In the note, I am by no
means intending to be comprehensive about anonymity
and related features e.g. unobservability. Rather am I
trying to be relevant to SAML.
   Also, I'm going to focus on new or newly
synthesized ideas rather than repeating design
decisions that have already been made and written

 Here's the outline of the note followed by
the Executive Summary.

   Definitions that Relate to Anonymity
   Pseudonymity & Anonymity
   Behavior & Anonymity
   Upshot for SAML (aka Executive Summary)

Executive Summary/

   Origin site authorities (i.e. Authentication Authorities and
Attribute Authorities) can provide a degree of "partial anonymity"
by employing one-time-use identifiers or keys (for the "holder of
key" case).
   This anonymity is "partial" at best because the Subject is
necessarily confined to the set of Subjects in a relationship
with the Authority.
   This set may be further reduced (thus further reducing anonymity)
when aggregating attributes are used that further subset the user
community at the origin site.

   Users who truly care about anonymity must take care to
disguise or avoid unusual patterns of behavior that could
serve to "de-anonymize" them over time.


That is it for the pre-note.

Please read the real note on Anonymity in SAML
if you are so inclined.  Comments on that
note are welcomed.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC