Re: 3 Proposals: session ID, business-card auth, customer auth

James Pitkow (
Wed, 19 Jul 1995 18:35:36 -0400 (EDT)


Dan wrote:
> In message <>, Roy Fielding writes:
> >
> >>******* I. The Request-ID: header field:
> >
> > (it can indeed be used to identify individuals,
> > if the individuals are not sophisticated enough, or if the tracker
> > is persistant).
> Please demonstrate how this is done. No fair spreading Fear,
> Uncertainty, and Doubt.

Ok. Here's a business card that you require for site access:

Dr. Jose Cuervo
Principal, Ultrmar

1001 East Park Ave.
Suite 253
NN NY 10100-9540 USA


Part of the beauty of data is that it tells you:

1) what it is
2) what it is not & it's
3) proximity to other data

For example, from the first line I can go through a log file and
cluster people as sessions and tell you the following. The more data,
the greater the reliability of correct identification.

which sessions are doctors
which sessions are not
which sessions may be like doctors (e.g. lawyers, brokers, etc.)

the person's gender
which sessions are not this person's gender, etc.

the person's race
which sessions are not like this person's race, etc.

and even the person's education level
which sessions are not like this person's education level, etc.

So, one bit of data can yield to multiple inferences.