[Auth]Authentication Trusts
From: Myrddian
Subject: [Auth]Authentication Trusts
Date: Thu, 19 Jul 2001 11:46:43 +1000
User-agent: Mutt/1.3.17i
Ok, there has been a lot of talk b/w us about the authentication scheme. Now the primary problem which arises is that of Trust, particularly for financial records, so you can purchase, rent, sell: these primary actions which are very fundamental to e-commerce.

I disagree with the idea of having the user data stored on the individual user's machine and letting him self-authenticate. That's why a hybrid system was introduced.

Also there is the problem of: do I trust server 'A's authentication of user 'a'?

Well, after giving it some thought, I thought: ok, treat authentication on a user-user or case-by-case basis. If you want any monetary transaction to happen, a bank is going to be involved, so why not involve the bank? Think about it: you authenticate user 'a' on server 'A', but at the same time you also query user 'a's nominated bank (this only happens on a financial transaction, when a bank of some sort is already involved) to see if you can trust user 'a'. So all of a sudden the user's bank is the authoritative answer. User A then receives a ticket from his bank allowing him to be automatically authorized when using authentication server A.

The idea is quite simple: the user's nominated bank is an authority in issuing a ticket to its client, which gives him authentication.

Now we still have the de-centralized server paradigm in which no server is the master server, and by involving the end financial institution we solve this trust problem.
__________________________________________
Myrddian <address@hidden(nospam)au>
-------------------------------------------
"I stayed up all night playing poker with tarot cards. I got a full house
and four people died".
-- Steven Wright
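
The bank-issued ticket described in the message above, sketched as an added example that is not part of the original post or of the project's code. The post gives no ticket format, so the JSON layout, the HMAC-SHA256 tag, the key shared between the bank and authentication server 'A', the expiry, and every name here are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): shared by the user's bank and server 'A'.
BANK_SERVER_KEY = b"constructed-demo-key-bank-to-server-A"


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_ticket(key, user, server, now, ttl=300):
    """Bank side: vouch for `user` toward one named server for `ttl` seconds."""
    claims = {"user": user, "server": server, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return body.hex() + "." + _tag(key, body)


def verify_ticket(key, ticket, user, server, now):
    """Server side: return (accepted, reason) for a presented ticket."""
    try:
        body_hex, tag = ticket.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False, "malformed"
    # Check the bank's tag before parsing or trusting any claim.
    if not hmac.compare_digest(_tag(key, body).encode(), tag.encode()):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["server"] != server:
        return False, "wrong server"   # ticket was issued for another server
    if claims["user"] != user:
        return False, "wrong user"     # ticket belongs to someone else
    if now >= claims["exp"]:
        return False, "expired"        # limits how long a stolen ticket works
    return True, "ok"


if __name__ == "__main__":
    # Constructed run: bank issues at t=1000, user 'a' presents it to 'A'.
    ticket = issue_ticket(BANK_SERVER_KEY, "a", "A", now=1000)
    print(verify_ticket(BANK_SERVER_KEY, ticket, "a", "A", now=1100))
    print(verify_ticket(BANK_SERVER_KEY, ticket, "a", "B", now=1100))
    print(verify_ticket(BANK_SERVER_KEY, ticket, "a", "A", now=1300))
```

Binding the ticket to one server and an expiry time means server 'A' only has to trust the bank's key, not any other authentication server, which is the decentralised property the post is after.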