Talk:Authenticate Person, With Token and LOA Process Flow Use Case

From IDESG Wiki
Jump to: navigation, search

comments from tom jones 2014-08-04

This use case suffers from the same problems that other attempts at anonymous authentication face.

  1. It does not describe how replay of the user's token is prevented.
  2. It does not indication how linkages created by the attributes from the AP can be prevented from linkage back to the user.
  3. It does not provide a mechanism for the user to express their intent to the RP that they intend to be anonymous.