You might require that
data be encrypted with the public key associated with each site
so that the data is not mutually visible, but that covers just the
transmission. As soon as the information arrives at its intended
destination, two dishonest service providers can still share profiles
and search for a match. That's one of the reasons why using
something unique and personal such as the SSN is really, really
bad practice. The point of the Directed Identity law is that such
a possibility should not be offered by the identity management
schema in itself. In other words, an authentication schema
should not rely on mechanisms that could give rise to correlation
handles. Imagine a situation in which the services you are
using require you to sign in, but they do not require any further
information about you besides the credentials you use for authenticating.
One example of such a service could be a photo-retouching
website. After having signed in, you can upload one
picture, and somebody will fix red eyes on-the-fly and send it
back to you in the context of the same session. Another such
service could be a traffic information service or weather reports.
When you sign in, you can get information about one area of
choice.
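
The correlation risk described above, as an added example that is not part of the original text: two providers join their profile tables on the identifier users sign in with, first when it is one unique personal number and then when it is a per-site value. The HMAC derivation, the secret, the site names and all sample records are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample data: user -> a unique personal number (fake values).
USERS = {"alice": "000-00-0001", "bob": "000-00-0002", "carol": "000-00-0003"}

# Constructed activity records held by two independent service providers.
PHOTO_SITE = {"alice": "uploaded portrait", "bob": "uploaded passport photo"}
TRAFFIC_SITE = {"alice": "queried area: Downtown", "carol": "queried area: Airport"}

# Assumption: a secret known only to the identity provider, never to the sites.
IDP_SECRET = b"constructed-demo-secret"


def global_id(user: str, site: str) -> str:
    """Same identifier for every site: a ready-made correlation handle."""
    return USERS[user]


def directed_id(user: str, site: str) -> str:
    """Site-specific identifier: HMAC over (site, user) under the IdP secret."""
    msg = site.encode() + b"\x00" + USERS[user].encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()


def profiles(site: str, activity: dict, id_fn) -> dict:
    """What a site stores: identifier presented at sign-in -> activity."""
    return {id_fn(user, site): what for user, what in activity.items()}


def collude(profiles_a: dict, profiles_b: dict) -> dict:
    """Two dishonest providers join their profile tables on the identifier."""
    shared = profiles_a.keys() & profiles_b.keys()
    return {i: (profiles_a[i], profiles_b[i]) for i in shared}


def run(id_fn) -> dict:
    """Build both sites' tables with the given identifier scheme and join them."""
    a = profiles("photo.example", PHOTO_SITE, id_fn)
    b = profiles("traffic.example", TRAFFIC_SITE, id_fn)
    return collude(a, b)


if __name__ == "__main__":
    print("global identifier  :", run(global_id))
    print("directed identifier:", run(directed_id))
```

With the shared number the join links alice's photo upload to her traffic query; with per-site identifiers the two tables have no key in common, while each site still sees a stable identifier for its own returning users.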