using the identity url to contain a key fingerprint

Martin Atkins mart at
Wed May 25 10:01:04 PDT 2005

Jean-Luc Delatre wrote:

> Even if this introduce yet more constraints on the protocol, namely the 
> ability to forward private keys from clients machines to authentication 
> servers, it would be nice to have full interoperability between such a 
> system and existing OpenID.

Unless I've missed something vital, there's not really any reason why 
-- assuming the invention of a key-based login system -- there couldn't 
be an OpenID identity server which identifies users by a public key 
rather than a session Cookie. This would provide one-way 
interoperability, allowing users of FancyNewPKSystem to use all of the 
existing OpenID Consumers.

If you can think of a way to make the PK auth work without modifying the 
client then please go ahead and start a project for it! I certainly 
can't think of one, which is why I'm putting myself behind OpenID for 
the time being despite it being just an interim solution.

More information about the yadis mailing list