During the Internet Identity Workshop I thought that it might be time to "pretend" to relying parties that I don't have an email address. Some years ago I tried to live without a "C:" partition on a windows systems. I had several versions of Windows installed on different partitions and at some point in time removed the oldest version on C by removing the whole partition. After some time I gave up on this scheme because to many dump scripts and too many dump programmers insisted that either the system is on C or that the program or parts of it are installed on C. If you don't have a C than things start to fail in interesting ways.
Today, I think, that many relying parties (social sites) demand that I have a valid email address. I think that this might be an assumption that is more and more false as "social" people are using the social sites. Or more and more people will have email addresses but will not know that they have one.
So relying on email for "verification" (registration) or credential reset might not be a good idea. More probably the notion of an "account" is wrong to begin with.
Integrity Properties for Federations
2 weeks ago
No comments:
Post a Comment