Switzerland narrowly approves plan for digital ID

I know the privacy community is divided on this, and it’s not clear to me where the majority lies, but I’m not a fan of A.I. I’m amongst the A.I. skeptics who don’t trust it not just for privacy reasons, but also ethical reasons. I’m not convinced that even a private AI like Proton’s Lumo is a good thing. That’s why I try to avoid it.

No problem, it was just a suggestion.
But let's focus on the main topic and not drive away.

Thank you for explaining. I think you did a great job. Visuals always help!

Thank you.

But doesn’t Grok or any other service you may sign in to via Google’s SSO get some data from your Google account?

Public SSO, like the example from above, uses OAuth, which doesn't really give sensitive data; it only gives an authorization token (see it like the session token).

But this only applies to public SSOs. If you go to the organization-level IDP, there are OAuth, SAML, LDAP, RADIUS, Kerberos and many more.

ID-Austria provides OAuth and SAML2.0 for the SPs. OAuth is a bit simpler and less granular; SAML2.0 is more complex and more in the direction of enterprise use cases.
Without a real-life example where I can research what it uses and which data it transfers, I'm unable to answer whether the IDP gives the SP sensitive data.
One principle of the ID-Austria is data minimization.

E-Mail aliases were probably not as popular back then as they are now, but I have been avoiding social media SSOs for over a decade.

I can’t say for sure about public IDPs, but on an organization level (NGO, Government, Company and nation) it provides easy and secure logins, and it is a real lifesaver for security.

Correct me if I’m wrong, but it seems like you are suggesting that digital IDs are MORE than the digital versions of physical ID documents, they are a form of SSO, or at least they can be used as such.

They are an IDP and they aren’t a form of SSO, they are SSO.

If that is what you're saying, you may be right. I would argue that physical IDs are kind of a physical SSO in that they are used to authenticate yourself in the real world, and sometimes in the digital world. Is that a fair analogy?

There are three stages:

  • Identification
  • Authentication
  • Authorization

Now it depends on the viewpoint whether your statement is correct, and it is more of a philosophical question than a technical one.
