using the identity url to contain a key fingerprint
mart at degeneration.co.uk
Wed May 25 10:01:04 PDT 2005
Jean-Luc Delatre wrote:
> Even if this introduce yet more constraints on the protocol, namely the
> ability to forward private keys from clients machines to authentication
> servers, it would be nice to have full interoperability between such a
> system and existing OpenID.
Unless I've missed something vital, there's not really any reason why
-- assuming the invention of a key-based login system -- there couldn't
be an OpenID identity server which identifies users by a public key
rather than a session Cookie. This would provide one-way
interoperability, allowing users of FancyNewPKSystem to use all of the
existing OpenID Consumers.
If you can think of a way to make the PK auth work without modifying the
client then please go ahead and start a project for it! I certainly
can't think of one, which is why I'm putting myself behind OpenID for
the time being despite it being just an interim solution.
More information about the yadis