[WG-UMA] [UMA-Specifications] Consider the privacy implications of exposing an RO’s AS (#107)

Zhanna Tsitkov tsitkova at mit.edu
Wed Aug 27 10:56:40 CDT 2014


There is relevant section at http://tools.ietf.org/html/rfc6819#section-4.6.7

( For Audit spec per https://docs.google.com/document/d/1h8Hq6bJVW3_l7DE4U45uipIKsFBYWf6sf8HfH0UjHwI  it is mentioned in Section 3 Audit Log Parameters under endpoint_uri)

On Aug 27, 2014, at 11:46 AM, Eve Maler <notifications at github.com<mailto:notifications at github.com>> wrote:


When a (100% untrusted) client first approaches a resource, if it's UMA-protected, the first thing an RS will do is return the as_uri where the client can engage in flows to try and gain access. Does revealing the AS location compromise privacy in any way? For example, if the RO (let's assume it's a human) runs their own AS, this information could uniquely identify that person. Is that a problem? Is it simply inherent in the nature of having an AS mediate protection?

—
Reply to this email directly or view it on GitHub<https://github.com/xmlgrrl/UMA-Specifications/issues/107>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-uma/attachments/20140827/3073b42f/attachment.html>


More information about the WG-UMA mailing list