Eric Norlin: Pseudonymous linking (Liberty Alliance)

Somehow Eric Norlin’s now got me defending Doug Kaye’s arguments! That’s OK. Actually, I’m pretty sure Eric’s wrong.

The fact that pseudonyms are used as the inter-system linking mechanism does absolutely nothing to reduce the risk that Doug raises. In other words, somebody who successfully steals a userid/password associated with a Liberty Alliance identity provider can thoroughly exploit any federated links. It doesn’t matter that the technology uses pseudonyms to accomplish the link — the access is still provided.

Are there any Liberty Alliance gurus out there who can set either of us straight?

This site uses Akismet to reduce spam. Learn how your comment data is processed.