â€¦And when did it know it?
Kim Cameron sums up the reasons why we need to understand the technical possibilities for how digital identity information can affect privacy; in short, we canâ€™t make good policy if we donâ€™t know how this stuff actually works.
But I want to call out one assertion he (and heâ€™s not the only one) makes:
First, part of what becomes evident is that with browser-based technologies like Liberty, WS-Federation and OpenID, NO collusion is actually necessary for the identity provider to â€œsee everythingâ€.
The identity provider most certainly does not â€œsee everythingâ€. The IP sees which RPs you initiate sessions with and, depending on configuration, has some indication of how long those sessions last. Granted, that is *a lot* of information, but itâ€™s far from â€œeverythingâ€. The IP must collude with the RPs to get any information about what you did at the RP during the session.
Completely right. I'll try to make this clearer as I go on. Without collusion, the IP doesn't know how the user actually behaved while at the RP. I was too focussed on the “identity channel”, thinking about the fact that the IP knows times, what RPs were visited, and what claims were released for each particular user to each RP.