RE: [Auth]Project discussion

[Nick Lothian]

Well, if no one else will challenge this, I will.

I don't think an architecture relying on browser plugins or any special
client side software is going to work.

Have you ever heard of RoboForm? (http://www.roboform.com) It sure hasn't
been discussed on this list before, and yet it does exactly what you are
after, it's free and it works with all browsers (they claim).

So why hasn't it taken the world by storm? Why isn't everyone using it, or
at least discussing it? Why does google only find 5,670 references to it,
and yet it finds 61,600 references to Hailstorm.

I think client side software is pretty much useless. People don't like
plugins, and historically, plugin take-up is slower that technology take-up
on the serverside. As well as that, there are plenty of environments in
which they simply don't work.

I seem to rememeber one of the initial use-cases of this project was someone
taking their personal identity to a net-cafe on a floppy disk.

Well, most net-cafe's have their computers in total security lock-down. They
have flash installed, and maybe real-player, but not much else, and there is
no way they are going to let someone install their own plugin. (Also, most
disable the floppy drives - or use Macs without floppies. What about this
case?)

What about universities and corporate environments? Neither allow users to
install their own plugin.

I agree that the way to counter Passport is to do the simplest thing
possible. However, I disagree with your analysis of the simplicity of client
side vs serverside technology take-up.

Regards,
  Nick Lothian

> -----Original Message-----
> From: Ron Burk [mailto:address@hidden
> Sent: Sunday, 15 July 2001 3:00 AM
> To: address@hidden
> Subject: [Auth]Project discussion
> 
> 
> I'm reading posts in this list and thinking there's at
> least two or more projects being discussed. The project
> I'm really interested in (which may not be what anyone
> else is talking about!) goes like this:
> 
> a) create a simple/small browser plug-in that manages an
>      encrypted local database of personal information
>      (no third-party servers for auth whatsoever, use
>      the Netscape plug-in API, keep everything really
>     simple).
> 
> b) create a simple specification for how web servers can
>      request personal information from this plug-in using
>      existing web standards (might not be much more
>      complicated than creating a request in the form
>      of an XML file, then referring to that file's URL in
>      your web page via an <embed> tag).
> 
> c) implement the plug-in for the top browsers, try out the spec
>      on some web sites, and then submit the spec to the W3C
>      process.
> 
> With the right group of talent, it seems like this could all be done
> within a few weeks, and offer an immediate alternative to Passport
> for the very limited uses the vast majority of users make of
> Passport today.
> 
> I'm not 100% sure anybody else is thinking along these
> same lines. If they are, maybe this little project would be
> better split off onto another mailing list. If they aren't,
> then I'll shut up :-).
> Ron Burk
> Windows Developer's Journal, www.wdj.com
> 
> _______________________________________________
> Auth mailing list
> address@hidden
> http://dotgnu.org/mailman/listinfo/auth
>