Re: [Auth]Freport Update

[John]

Mike Warren wrote:
> > Catch-22: increased convenience (3rd party) trades off for reduced
> > privacy (transactional metadata gathering). Is this a trade-off
> > DotGNU is willing to make? The further down the road to integration
> > we go; the more difficult it will be to change our minds.
>
> Well, actually, that's not true. A small change could fix this: if the
> client grabbed their profile from the Profile Manager and sent it to
> the Profile Requester (instead of the Profile Requester getting the
> profile from a Manager directly), then the Manager wouldn't know which
> Requester was getting whose Profiles. Plus, the user still gets all
> the fun convenience (so long as they can run their profile client).

You've just described the design of the Freport Databank retreival
mechanism.

> In this case, though, there's not much need for a Profile Manager; one
> could just as easily use any sort of Web page (e.g. Geocities) to
> store their Profiles which the client would go out and grab.

Not the whole of the design of the protocol, but essentially.
Login/Certification adds an extra layer of protocol complexity on top of
HTTPS, and the connection needs to be stateful, but essentially and
simplified yes. 

John Le'Brecage