By Tracy Mitrano. When you authenticate to a service, do you know what information about you is being communicated between the login page and the service provider? Are there distinctions among services, for example, Facebook or Google or Yahoo? Does it make any difference whether the service is for consumers, or, in higher education, under an enterprise contract? Is there a bridging authentication service, for example InCommon? If so, what difference does that make in terms of the release of “attributes,” or pieces of information, about your identity? If looked at by a human, would those attributes identify you as a distinct individual? Or are they unidentifiable parts for a human reader, but easily mined and recombined in ways that even pedestrian software programs can (re)create your identity? What do service providers do with that information? Read more...
9 mars 2014
Goldilocks and Informed Consent
Commentaires