[Pdx-pm] kwiki and TypeKey - spammed again!
Eric Wilhelm
scratchcomputing at gmail.com
Mon Apr 16 16:39:10 PDT 2007
# from chromatic
# on Monday 16 April 2007 04:22 pm:
>> 2. Who said identity and trust had anything to do with
>> authentication?
>
>I did. Unauthenticated identities are difficult to trust.
Authentication says whether or not you get to see the porn on this
particular server. Identity says whether or not you're the guy with
the wooden shoe fetish and a well-funded pay-per-click account. OpenID
is only identity. Typekey, bitcard, etc too. The openid server
doesn't know anything about your porn accounts (well, unless it wants
to, (but it's still not in charge of whether or not your
sabot.example.com account is paid-up.))
Browsers have everything they need for identity and trust in the ssl
support.
As for the tangent: You can authenticate that identity with a cookie or
whatever (hmm, logout the identity on the server side?) You could even
use cookies in conjunction with digest auth over ssl, etc. The browser
doesn't logout, the server ends the session.
--Eric
--
"Everything should be made as simple as possible, but no simpler."
--Albert Einstein
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
More information about the Pdx-pm-list
mailing list