Wednesday, August 03, 2005

passel ...

I finally got around to reading the Passel whitepaper. Thinking back on prior readings, others have proposed third-party data brokers which handle all communication and selective document handling between parties (I think there was even a "notary public" PKI architecture which did very much what Passel proposes).

Furthermore, it seems to me that Passel, SAML, Liberty ... even PKI ... are based on the assumption that DNS is trusted. From the Passel whitepaper:

The pass MUST contain the following information:

  • The fingerprint provided by the Agent in the request.
  • The date of issue (which MUST NOT be in the future).
  • The expiration date (which MUST be later than the date of issue).
  • The secure URL at which the Signer's service description file is located.
  • The value(s) requested by the Agent.
  • The profiles which a Target can use to verify the counter-signed value(s).

The key here is "secure URL", which loosely means "trusted hostname as provided by my local DNS provider". Now, if I compromise the DNS and spoof the IP address, then I compromise the entire foundation of trust on which the pass was established. Even signatures could be compromised if the asymmetric keys are both swapped.
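To make the point concrete, here is an added example (not code from the Passel project or this post) that checks the MUST rules quoted above and then refuses to trust the "secure URL" on its own: the signer key served at that URL is compared against a fingerprint obtained out of band, so a spoofed DNS answer alone cannot substitute a different signer. The pass layout as a dict, the field names, the SHA-256 fingerprint scheme and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from hashlib import sha256
from urllib.parse import urlparse

def key_fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 over the raw public key bytes (assumed fingerprint scheme)."""
    return sha256(public_key).hexdigest()

def validate_pass(p: dict, agent_fingerprint: str, pinned_signer_fp: str,
                  served_signer_key: bytes, now: datetime) -> list[str]:
    """Return the list of rule violations; an empty list means the pass is acceptable."""
    errors = []
    # The fingerprint must be the one the Agent put in the request.
    if p.get("fingerprint") != agent_fingerprint:
        errors.append("fingerprint does not match the Agent's request")
    # Date of issue MUST NOT be in the future.
    issued, expires = p.get("issued"), p.get("expires")
    if issued is None or issued > now:
        errors.append("date of issue missing or in the future")
    # Expiration date MUST be later than the date of issue (and not yet passed).
    if issued is None or expires is None or expires <= issued:
        errors.append("expiration is not later than the date of issue")
    elif expires <= now:
        errors.append("pass has expired")
    # "Secure URL": https says nothing about who answered the DNS query.
    url = urlparse(p.get("service_url", ""))
    if url.scheme != "https" or not url.hostname:
        errors.append("service description URL is not an https URL")
    # Bind trust to the signer's key, not the hostname: whatever key the
    # resolved host serves must match a fingerprint learned out of band.
    if key_fingerprint(served_signer_key) != pinned_signer_fp:
        errors.append("signer key served at URL does not match pinned fingerprint")
    if not p.get("values"):
        errors.append("no requested values present")
    if not p.get("profiles"):
        errors.append("no verification profiles present")
    return errors

# Constructed sample data (not real keys or hosts).
NOW = datetime(2005, 8, 3, tzinfo=timezone.utc)
SIGNER_KEY = b"constructed-signer-public-key"
PINNED_FP = key_fingerprint(SIGNER_KEY)          # learned out of band
GOOD_PASS = {
    "fingerprint": "agent-fp-1234",
    "issued": NOW - timedelta(hours=1),
    "expires": NOW + timedelta(days=1),
    "service_url": "https://signer.example/passel.xml",
    "values": ["email"],
    "profiles": ["sig-profile-1"],
}
```

If the DNS answer is spoofed and the impostor host serves its own key, the https check still passes but the fingerprint check fails, which is exactly the gap the post describes.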

I met with XNS.org about 3 years ago (before they became XDI/XRI) and they got it right: Identity has to be as foundational to the Internet infrastructure as DNS. I believe one of the reasons DNS works is how distributed and temporal it is ... if you get a "non-authoritative" answer, don't trust it and look somewhere else. Passel does have a distributed nature, but it's not the only one with that claim.

I'm going to have to seriously ponder this one more ...
