Problems with trust
Posted Oct 6, 2006 15:17 UTC (Fri) by copsewood
In reply to: A look at OpenID
Parent article: A look at OpenID
Trust is a very difficult thing to automate in a decentralised manner other than in very narrow contexts. Consider the kind of trust questions an identity user site might be interested in:
a. Can this user be trusted to interact accountably and responsibly with children under the age of 16 ?
b. Can this person be trusted to order goods on-line to be delivered to the home address on the bank card used to a value of less than $100 ?
c. Can this entity be trusted to deliver an email to my inbox which will not waste a couple of seconds of my limited lifespan ?
d. Can this person identified by an organisation I have a support contract with be trusted not to have any conflict of interest through operating the root account on my supported server in connection with support access they have recently had to confidential data of specified competitors in my industry ?
e. Can this person be trusted as being a recent line manager within the organisation identifying him or her of a job applicant to provide a reference as their recent line manager ?
These trust relevant questions are so different in their requirements that I think each would require entirely seperate protocols. Having a common protocol that authenticates the players' identities is only the first step.
to post comments)