Re: [foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission?

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 11 Feb 2011 19:41:21 +0100
Cc: <corani@gmail.com>, <jan@wildeboer.net>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>, <foaf-protocols@lists.foaf-project.org>
Message-Id: <BBCFAFC1-8F6D-4078-8BE4-AB09693ED9F8@bblfish.net>
To: Peter Williams <home_pw@msn.com>

On 11 Feb 2011, at 19:10, Peter Williams wrote:

> 
> It's correct that the hard version of the problem is the logout problem - which is only a coded way of talking about that which cannot be named: sessions.

> > From: corani@gmail.com
> > I believe this is very similar to the "logout" problem, and should be
> > solved in conjunction with that.
> 

Why is that a hard problem? 

There are some parts that are simple:

  - a UI to show what you are logged in as and to enable the anonymous mode
  - Tying cookies and SSL sessions to identities

The hard problem is information leakage, but that is something one can build up over time. How far you go there depends on how much you want to protect identities and cross referencing.

Henry
Received on Friday, 11 February 2011 18:41:59 UTC