wolf_stranger at mail.ru
Wed Aug 17 04:37:56 PDT 2005
I'm not sure if it's the correct place for my question, but I can't
I cannot understand why a digital identity should be bound to a particular URL. Why
not use a pair of PGP keys or something like this?
The user gives the site-consumer the URL of the site that handles digital ID requests.
The site-consumer queries this URL and obtains the public key.
Then it encrypts some string with this key and gives it through the user
agent to the server, together with its own public key (or its URL). The server asks the user
for a login/password or ensures the user's identity in some other way. If
OK, it decrypts the string using the user's private key and encrypts it with the
client's public key. Then the answer is sent back to the site-client. It
decrypts the answer and compares it with the original string, which must be
So the user is identified by a public key, and he/she can use multiple servers
that support one identity; if one doesn't work, he/she can easily use another.
Also, even if the identity server dies, the user (provided that he backed up
his pair of keys) can establish a new server without losing the identity.
Another (maybe irrelevant) idea: the user agent can intercept queries to
some identity server and handle these queries by itself, so the user doesn't
need to rely on any external servers to provide identity.
Sorry for my bad English...
WBR, Alexey Khmara
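The challenge-response exchange sketched in the post, written out as an added example (not code from the original message or from any yadis implementation). It assumes RSA-OAEP as the stand-in for "a pair of PGP keys", a random 32-byte nonce as the "some string", and a plain password check as the server's "asks user for login/password" step; the `IdentityServer`, `Consumer`, `RunExchange` and the password values are constructed for this illustration. The user agent's role of carrying messages between the two parties is reduced to the function calls in between. Note that the answer is re-encrypted under the consumer's public key exactly as the post describes, so an answer produced for a different consumer key fails the final comparison.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// IdentityServer stands in for the server the post describes: it holds the
// user's private key and checks the user's login/password before using it.
type IdentityServer struct {
	userKey  *rsa.PrivateKey
	password string // constructed credential for the example; a real server would store a hash
}

// Consumer is the "site-consumer": it has its own keypair and remembers the
// random string it encrypted so it can compare the answer later.
type Consumer struct {
	key   *rsa.PrivateKey
	nonce []byte
}

// Challenge is step 1: encrypt a fresh random string under the user's public
// key (the key the consumer would have fetched from the user's identity URL).
func (c *Consumer) Challenge(userPub *rsa.PublicKey) ([]byte, error) {
	c.nonce = make([]byte, 32)
	if _, err := rand.Read(c.nonce); err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, c.nonce, nil)
}

// Answer is step 2, run on the identity server after the user agent forwards
// the challenge and the consumer's public key. The server decrypts only after
// the user has proven their identity (here: a password check), then encrypts
// the recovered string under the consumer's public key.
func (s *IdentityServer) Answer(challenge []byte, consumerPub *rsa.PublicKey, password string) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(password), []byte(s.password)) != 1 {
		return nil, errors.New("user authentication failed")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.userKey, challenge, nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, consumerPub, plain, nil)
}

// Verify is step 3: the consumer decrypts the answer with its own private key
// and checks that it matches the string it originally sent.
func (c *Consumer) Verify(answer []byte) bool {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.key, answer, nil)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(plain, c.nonce) == 1
}

// RunExchange wires the three steps together and reports whether the consumer
// ends up convinced of the user's identity.
func RunExchange(userKey, consumerKey *rsa.PrivateKey, serverPassword, typedPassword string) (bool, error) {
	server := &IdentityServer{userKey: userKey, password: serverPassword}
	consumer := &Consumer{key: consumerKey}

	challenge, err := consumer.Challenge(&userKey.PublicKey)
	if err != nil {
		return false, err
	}
	answer, err := server.Answer(challenge, &consumerKey.PublicKey, typedPassword)
	if err != nil {
		return false, err
	}
	return consumer.Verify(answer), nil
}

func main() {
	// Constructed keys for the demo; in the post's model the user's key would
	// be the backed-up PGP pair and the consumer's key its own site key.
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	consumerKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ok, err := RunExchange(userKey, consumerKey, "correct horse", "correct horse")
	fmt.Println("identity confirmed:", ok, "error:", err)
}
```

Because the consumer only ever learns "the string came back intact", the nonce must be fresh for every exchange and never reused; the example generates it per call for that reason.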
More information about the yadis