dotgnu-auth

Re: [Auth]Authentication Trusts


From: Adam Theo
Subject: Re: [Auth]Authentication Trusts
Date: Wed, 18 Jul 2001 21:59:55 -0400

hm, nice idea. i just wrote a big brainstorm on Trust and what Kent
Gnuyen calls the "Web of Trust" for my Jabber Identity project. i'm sure
you will find some of it interesting, since it covers a lot:

http://jab.sirlabs.com/bin/view/JIGs/JIS/PeerTrust

please tell me what you think! it can use the input. note, it is a good
bit jabber specific, but i'm sure it can be ported to similarly
structured systems.

if you really like it, yet another reason for DotGNU to use Jabber: so
it can use this Trust system!  :-)

Myrddian wrote:
> 
> Ok, there has been a lot of talk b/w us about the authentication
> scheme, now the primary problem which arises is that of Trust.
> Particularly financial records, so you can purchase, rent, sell
> these primary actions which are very fundamental to e-commerce.
> 
> I disagree with the idea of having the user data stored on the
> individual user's machine and let him self authenticate. That's why
> a hybrid system was introduced.
> 
> Also the problem of, do I trust server 'A' authentication of user 'a'
> 
> Well after giving it some thought, I thought ok treat authentication
> on a user-user or case by case basis. If you want any monetary
> transaction to happen a bank is going to be involved. so why not
> involve the bank. Think about it you authenticate user 'a' on server
> 'A' but also at the same time you query user 'a' nominated bank (this
> only happens on a financial transaction, when a bank or some sort is
> already involved) to see if you can trust user 'a' so all of a sudden
> the user's bank is the authoritative answer, user A then receives a
> ticket from his bank allowing him to be automatically authorized when
> using authentication server A.
> 
> the idea is quite simple the user's nominated bank is an authority in
> issuing a ticket to his client, which gives him authentication.
> 
> Now we still have the de-centralized server paradigm in which no
> Server is master server, and by involving the end financial
> institution which we solve this trust problem.
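
The bank-issued ticket flow described in the quoted message, as an added example that is not part of the original thread or of any DotGNU or Jabber code. Assumptions: the ticket format, the function names and the key are hypothetical, and an HMAC with a constructed demo key stands in for the bank's signature (a real deployment would use a public-key signature so the server can verify tickets but not mint them).

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; stands in for the bank's signing key (assumption).
BANK_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def bank_issue_ticket(user, server, now, ttl=300, key=BANK_KEY):
    """Bank side: vouch for `user` toward one named server for `ttl` seconds."""
    claims = {"user": user, "aud": server, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(_mac(payload, key)).decode())


def server_accepts(ticket, user, server, now, key=BANK_KEY):
    """Server side: accept only an intact, unexpired ticket that names
    this user and this server."""
    try:
        p64, m64 = ticket.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError:  # wrong shape or invalid base64
        return False
    # Check integrity before parsing anything from the payload.
    if not hmac.compare_digest(mac, _mac(payload, key)):
        return False
    claims = json.loads(payload)
    return (claims["user"] == user
            and claims["aud"] == server
            and now < claims["exp"])


if __name__ == "__main__":
    t = bank_issue_ticket("a", "A", now=1000)
    print("user a at server A:", server_accepts(t, "a", "A", now=1100))
    print("same ticket at server B:", server_accepts(t, "a", "B", now=1100))
    print("after expiry:", server_accepts(t, "a", "A", now=1300))
```

Binding the ticket to one server and one expiry time is what keeps a ticket obtained for server A from being replayed at another server or reused indefinitely.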

