Yet Another MerryGoRound
mart at degeneration.co.uk
Tue May 24 08:22:53 PDT 2005
Jean-Luc Delatre wrote:
> Or at least that's what it feels like when just dropping in...
> I am in search of a distributed authentication system, i.e. a way to
> disseminate signed documents (*not* crypted) which authorship could be
> This is a common subproblem to all SSO or distributed ID systems.
> Having browsed thru the archive I am puzzled by the questions asked
> which are a strange mix of murky implementation details and
> "philosophical" considerations.
> Do you guys really have a clear understanding of what you are heading for?
> From my own view I would rather avoid reinventing the wheel as far as
> the *basics* are concerned.
[snip! some complaints about SHA1]
> But these are only minor problems relative to what I see as the *central
> Only a public key system could match the challenges of a distributed
> authentication scheme!
[snip! "The masses don't understand cryptography" observation]
> But nevertheless no one will cope with the problems without something
> similar to the PGP logic.
> Mucking around topics like "multiple identity servers" is utterly
> useless, there is no "good answer".
> Unfortunately the only path seems to be a *reimplementation* of just the
> needed subset of already proven solutions, both on the server side and
> geeky or proprietary languages BML, Perl, Ruby, ASP, .NET, whatever,
> because if you target "the masses" (as I do...)
> you need to use what is available to them.
> Yeah, I am a bit disappointed...
I'm a bit concerned as to what your point is. Your specific complaint
about SHA1 notwithstanding (I don't know enough about the subject to
comment on that) the rest of it seems to not really go anywhere.
What are you proposing? That OpenID be dropped in favour of PKI? That
OpenID only be supported for PHP users?
I'd love to know what it is that you are disappointed about, but every
paragraph in your message seems to be about a different topic.
All the best,
More information about the yadis