SLUG Mailing List Archives
[chat] "Centralised" authorisation / Community CA
- To: Penguinillas <slug-chat@xxxxxxxxxxx>
- Subject: [chat] "Centralised" authorisation / Community CA
- From: invisible ink <jdub@xxxxxxxxxxx>
- Date: Wed Jul 18 16:37:01 2001
- User-agent: Mutt/1.3.18i
You may scroll down and read "THE POINT" to skip my blabber.
Okay, so, I just don't get all this crap. Warning: I'm about to link to
the horrid creature that is Slashdot...
At which point did someone decide that to provide a centralised logon
service for a number of sites, you'd need some kind of smartypants server
I've done a lot of web development, and this token of anti-wisdom still
confuses me. If you can uniquely authenticate the client, and the client can
respond sensibly and uniquely to an authorisation request without user
interaction, THE WORK IS DONE.
I cannot see why the whole MS Passport thing matters, when the technology to
do this has existed and been supported by browsers for ages - certificates.
Not only is this so unique as to be eccentric, but you also get to invoke
the benefits of PKI. Whoopee.
If you're hosting a bunch of sites, or transferring information between
affiliates, you already have a unique value to match the data with. Okay, so
I've been stuck in head bashing PHP land for most of today, so I may have
missed something, but I'm pretty bloody sure I haven't.
What we need is a community CA, and their details built into Mozilla. (Not
sure of the architecture, but if you put all this in the PSM libraries,
then every program that used them would benefit, right?)
Not only would this be a benefit for the problems I've mentioned here, but
it would solve many other annoyances, and expand the world of encryption
and good authentication, which is becoming a critical problem for "network
services" built on new and immature (read: still reinventing Unix badly)
Penguinillas Pack GNUzis