Talk:Authenticate Person, With Token and LOA Process Flow Use Case
From IDESG Wiki
comments from tom jones 2014-08-04
This use case suffers from the same problems that other attempts at anonymous authentication face.
- It does not describe how replay of the user's token is prevented.
- It does not indication how linkages created by the attributes from the AP can be prevented from linkage back to the user.
- It does not provide a mechanism for the user to express their intent to the RP that they intend to be anonymous.