Re: [Auth]Authorization Certificates

[Adam Theo]

Norbert Sendetzky wrote:
>
>
> > the solution, i believe, firmly rests in PKI. PKI is Public Key
> > Infrastructure, for those who don't know, and it is outlined:
> >
> > * everyone has a certificate, or maybe multiple ones (don't see why, but
> > it's possible).
> > * each certificate/user is 'certified' by someone else. it can be a
> > friend, bank, family member, etc. anyone.
> > * when you go to deal with this person, you may not know them, but the
> > trick is to find a "link" with people who you trust, and who also trust
> > this other person.
> > * this can all be handled automatically, so to be virtually seamless to
> > you and everyone else.
> 
> That's the way PGP/GPG does!
> It's secure, already there and has been proven over a long period of time.

hi. yep, PGP/GPG does very similar.

i just published an idea of how Trust can work in the Jabber Identity
project I am working on at http://www.theoretic.com/identity . the Draft
is at:
http://jab.sirlabs.com/bin/view/JIGs/JIS/PeerTrust

it does not involve PGP and GPG, or even PKI to a large degree, because
it does not need 'Keys' or 'Certificates'. authentication is handled by
the jabber login system instead. but this draft outlines the 'lines of
trust' that can be used in a system which has some alternate
authentication system in place.