dotgnu-auth

Re: [Auth]Authorization Certificates


From: Adam Theo
Subject: Re: [Auth]Authorization Certificates
Date: Tue, 17 Jul 2001 08:16:23 -0400

"David L. Nicol" wrote:
> 
> Adam Theo wrote:
> 
> >
> > take the above, but instead of end users, have them as servers. servers
> > have certificates, and these certificates are trusted by banks, other
> > servers, other organizations, etc. and when other servers or users deal
> > with these certified servers, they find 'links of trust' from people
> > they trust to these servers.
> >
> 
> And imagine the heists that become possible if it is possible to
> compromise the PKI software!

actually, as i imagine it, there would not even need to be any software,
except the software that follows the links.

to me, i see this system as being a protocol of XML data to be stored by
a user/server and accessible for the world to see. something like the
below would be made by myself and put in my Identity account:

<certificate>
  <trust>
    <name>Ted Rolle</name>
    <id type="JIS">address@hidden</id>
    <relationship>partner</relationship>
  </trust>
  <trust>
    <name>Mike Hearn</name>
    <id type="JIS">address@hidden</id>
    <relationship>partner</relationship>
  </trust>
  <trust>
    <name>Eric Murphy</name>
    <id type="JIS">address@hidden</id>
    <relationship>partner</relationship>
  </trust>
</certificate>

in the above, the <id/> tag represents the Virtual Identity account URI,
or whatever other naming scheme we decide to use in this...

what this would do, is since it is viewable by the world (with maybe
some exceptions or rules), others could 'follow' these trust links. who
would? well, people who trusted me (i was listed in their trust file)
would follow them to see who i, and therefore they, trust.

it is all about peer review and trust. i trust A, and A trusts B, so
therefore, when i deal with B, i can trust him, too.
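
Added example (not part of the original message and not DotGNU code): a sketch of the link-following described above. It parses trust files in the <certificate> format and searches breadth-first for a chain of trust from one identity to another. The ids, the in-memory TRUST_FILES store, the fetch callback and the max_hops limit are all assumptions; the hop limit and the visited set bound how far one altered trust file can extend trust.

```python
import xml.etree.ElementTree as ET
from collections import deque

def _cert(*ids):
    """Build a constructed trust file in the message's <certificate> format."""
    body = "".join(
        f'<trust><name>n/a</name><id type="JIS">{i}</id>'
        "<relationship>partner</relationship></trust>" for i in ids)
    return f"<certificate>{body}</certificate>"

# Constructed sample data; the ids are placeholders, not real accounts.
TRUST_FILES = {
    "me@jis.example": _cert("a@jis.example"),
    "a@jis.example": _cert("b@jis.example", "me@jis.example"),  # links back: a cycle
    "b@jis.example": _cert("c@jis.example"),
    "c@jis.example": _cert("d@jis.example"),
    "d@jis.example": "<certificate><trust>",  # malformed file
}

def parse_trust_file(xml_text):
    """Return the ids listed in one trust file; a malformed file yields none."""
    try:
        # World-readable files are untrusted input; a hardened XML parser
        # is the safer choice outside a demo.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return []
    if root.tag != "certificate":
        return []
    ids = (t.findtext("id", "").strip() for t in root.findall("trust"))
    return [i for i in ids if i]

def find_trust_path(fetch, start, target, max_hops=3):
    """Shortest chain of trust links from start to target, or None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) - 1 >= max_hops:  # do not follow links past the limit
            continue
        xml_text = fetch(path[-1])
        if xml_text is None:           # identity publishes no trust file
            continue
        for ident in parse_trust_file(xml_text):
            if ident not in seen:      # each identity is visited once, so cycles end
                seen.add(ident)
                queue.append(path + [ident])
    return None
```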

