[Auth]new to all this

dotgnu-auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Auth]new to all this

From:	Timothy Washington
Subject:	[Auth]new to all this
Date:	Fri, 5 Oct 2001 00:41:17 -0400 (EDT)

Hello all,

I just found out about this project recently so could
somebody tell me where I could find some detailed
goals of the system(specs, whitepapers, etc). I think
DotGNU "Virtual Identities"(VI) is a great idea!! I
was thinking about this problem for a long time and
knew that there would have to collaboration and open
development if an idea like this were to fly.

I wanted a "secure", "open" way to store passwords
"online".
-Secure so that only the intended recipient has access
to her own data
-Open so that there will be wide acceptance of this
standard
-Online so that there is 1 place to store and access
passwords and personal data seemlessly. As well that
place should be able to authenticate a user on behalf
of other sites

Again, I have a question because I am new to all of
this. VI advertises convenience of a single logon and
user control of data. It must be able to be scaled and
deployed at any level. Will VI be a framework/set of
software tools or a protocol that software developers
must follow?

Since I have been thinking about how to fill the need
for a secure open single sign on system that allows
you or some trusted agent to manage your data, I've
thought about some techincal hurdles:

-how to get other websites to use DotGNU VI (maybe net
advocacy).
-how to get a website using VI to know that a client
has a virtual identities account(maybe a cookie that
will have information telling a site how to
autheticate that user)
-how to work VI into a site's existing framework(VI
specifies that VI functionality checks for auth scheme
before going to a default page)
-need to establish a protocol so that peers can talk
to each other

Could someone tell if these concerns are relevant. So
all in all, is this a fair description of what 
DotGNU Virtual Identities will be like (Use case):

economist.com, nytimes.com, xyz.com all require a user
to log in to browse thier site. Currently the user
would log into each site individually and the site
would have all of the information regarding that user
when that user registered.

In a "Virtual Identities" (VI) world. I would log into
a Virtual Identities server once when I'm browsing.
economist.com, nytimes.com, and xyz.com adhere to the
Virtual Identities framework, thus go to the users VI
server to authenticate the user. The user is not
bothered with pesky sign-ons and has control of thier
own data.

Thanks for any feedback,
Timothy Washington
address@hidden

_______________________________________________________
Do You Yahoo!?
Get your free @yahoo.ca address at http://mail.yahoo.ca

[Prev in Thread]

Current Thread

[Next in Thread]

[Auth]new to all this, Timothy Washington <=
- Re: [Auth]new to all this, Norbert Bollow, 2001/10/05
- Re: [Auth]new to all this, Albert Scherbinsky, 2001/10/05

Prev by Date: Re: [Auth]Okay, so how about some code...
Next by Date: Re: [Auth]Okay, so how about some code...
Previous by thread: [Auth]How the system can work with app.servers
Next by thread: Re: [Auth]new to all this
Index(es):
- Date
- Thread