Because Request-ID's would be guaranteed persistant *only* for the life of a
session (where session is defined by the users themselves), they are next to
useless as mechanisms for generating long-term user-specific profiling, but
still useful for in-aggregate profiles. This is a Good Thing - the user
doesn't lose any privacy and the info provider can still get in-aggregate
data. Now there are definitely times when user profiles help the info
provider provide better info - sites like NewsPage and HotWired are providing
that now with user authentication. If the clients could upload that profile,
or specific parts of the profile, only when needed, then the servers don't
have to maintain huge databases of profiles tied to a user name and password.
This is where the business card proposal comes in, perhaps to be folded with
the URA proposal from Bunyip.
I hope this answers James's concerns about privacy. It's a huge concern
of mine, and yet I have clients screaming for ways to provide valid
profile-based services. Surely a balance can be struck somehow through
properly designed protocols.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/