- From: Al Gilman <asgilman@iamdigex.net>
- Date: Fri, 07 Nov 2003 17:29:09 -0500
- To: Michael Cooper <michaelc@watchfire.com>
- Cc: <wai-xtech@w3.org>
At 03:44 PM 2003-11-07, Michael Cooper wrote: >I just reviewed http://www.w3.org/TR/2003/WD-turingtest-20031105/ and would >like to comment a couple of the proposed solutions. The Federated Identity >Systems provide the ability for people to identify themselves to a Web site, >and implicitly to identify that they are human, not a robot. A concern with >this is that it requires the user to identify themselves uniquely, not >simply prove they are human, which is the goal. This raises a privacy >concern, that you must identify yourself to the maintainer of a free >resource that otherwise allows anonymous access to humans. While some >resources, by their nature, require specific identifying information, others >can (even should) permit anonymous access and the Turing test should support >that. > >I propose that this consideration be included in the commentary in a future >draft. Good point. Proving which human you are can be a_fortiori used to prove that you are a human, but the information so released could be abused on the receiving end. Ways to fix this include: -- attribute certificates The site that knows you doesn't really pass your identity to its federation partner, just pass to them or back through you a certificate that you are a known quantity meeting the terms of service of the partner. These can be one-time tickets, and they can require a login-like authentication per issue (like repeating your adminstrator password to do installs in Apple OS X) and they can be limited to one per minute and ten per day or something like that so that they can't be extracted in bulk by an abuser. -- machine-to-machine communication Human user receiving a challenge by mail forwards, by mail, the challenge to their agent than negotiates credentials with the agent of the other party by Web Services or SMIME. So there are two forks to following up on this observation: a) Find out from those needing the defenses just how tight they feel they need to be with "humans only" or "one to a customer" constraints. How much could we relax those and they can still get on with life? b) Examine the proposals dealing with identity federation to see if they actually pass sensitive data or perform a "need to know" test and only release [as certified] what the recipient needs to know. Patients have to sign medical release forms. To get on somebody's "known email senders" list you are probably quite happy to be identified, at least in human terms, to that party. You shouldn't have to jump through a hoop for a website, there should be some other way to qualify, not to go directly to their "known email senders" list but to their inbox for screening. Get you admitted for the person employing the spam defense to read your .sig / bio / vcard and say 'yes.' My favorite pipe dream on the spam front is to apply economic pressure. Make the unrecognized person requesting access to your inbox pony up a deposit. If the recipient considers the message a spam, they keep the deposit. If they say the message is OK, the sender keeps the deposit. It's that simple. Would separate advertisers that people welcome from spammers who live off the unrealistically free cost of IP. Al >Michael > >-- Signature -- > >Michael Cooper >Accessibility Product Manager, Watchfire >1 Hines Rd, Kanata, ON K2K 3C7, Canada >+1 (613) 599-3888 x4019 >michaelc@watchfire.com >http://www.watchfire.com/ > >Watchfire's spam filter often mistakes legitimate email for spam. If this >filter sends you a reply that an email to me was not delivered, please >inform me of the problem using alternate contact information provided above. >I do not consider your message spam and apologize for problems caused by >this filter.
Received on Friday, 7 November 2003 17:29:29 UTC