Hallam-Baker, Phillip wrote:
So what we have is as follows (I think):
1. MTA identity.
2. Domain identity.
3. Sender's identity.
People start to argue over 'identity'
I think we have hooks we can hang the accreditation on. email addresses are
one type of 'identity'.
I would relabel the rest 'intersubjective agreement between the accreditors
as to the party signified by the name'.
Yeas, it sounds horrible, and it is not likely many folk here read semiotics
and hermenetics. The basic insight I got from the hermeneutic stuff was that
if you get picky you can claim any statement is subjective, you just attack
the axioms. Black is white if you refuse to believe the evidence to the
contrary.
My main concern is identity of the agent that injects the mail into the
system (MTA) as opposed to the machine/human sender that actually
created the message. I think that these two identities are inherently
separate from each other and should be addressed separately.
The whole point of introducing the term was to serve as a
more illustrative
name for what in SAML are called 'attribute assertions'.
An interesting thought - can we use SAML for exchanging
reputation and
accreditation info?
Yes, absolutely. That is one of the things I designed it to do. But the
anti-spam world is not very keen on XML. I think you would find it very
heavy for a first line of defense.
Has there been any work on a profile of SAML for this kind of stuff?
Would there be enough interested parties in this that we can possibly
get cracking on it?
Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"All that is gold does not glitter" (LOTR)
-------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg