[Pdx-pm] kwiki and TypeKey - spammed again!

Eric Wilhelm scratchcomputing at gmail.com
Mon Apr 16 16:39:10 PDT 2007

# from chromatic
# on Monday 16 April 2007 04:22 pm:

>> 2.  Who said identity and trust had anything to do with
>> authentication?
>I did.  Unauthenticated identities are difficult to trust.

Authentication says whether or not you get to see the porn on this 
particular server.  Identity says whether or not you're the guy with 
the wooden shoe fetish and a well-funded pay-per-click account.  OpenID 
is only identity.  Typekey, bitcard, etc too.  The openid server 
doesn't know anything about your porn accounts (well, unless it wants 
to, (but it's still not in charge of whether or not your 
sabot.example.com account is paid-up.))

Browsers have everything they need for identity and trust in the ssl 

As for the tangent:  You can authenticate that identity with a cookie or 
whatever (hmm, logout the identity on the server side?)  You could even 
use cookies in conjunction with digest auth over ssl, etc.  The browser 
doesn't logout, the server ends the session.

"Everything should be made as simple as possible, but no simpler."
--Albert Einstein

More information about the Pdx-pm-list mailing list