dotgnu-auth

Re: [Auth]new to all this


From: Norbert Bollow
Subject: Re: [Auth]new to all this
Date: Fri, 5 Oct 2001 11:51:12 +0200

Timothy Washington <address@hidden> wrote:

> I just found out about this project recently so could
> somebody tell me where I could find some detailed
> goals of the system (specs, whitepapers, etc).

Unfortunately, currently we don't have any published specs
or whitepapers concerning the "auth" part of DotGNU...

The main thrust of the DotGNU project is to create a Free
Software platform for local and remote execution of Java
bytecode and Microsoft's IL, plus the necessary tools
(such as a C# compiler).  Remote execution requires
authentication, so it is an essential part of DotGNU to provide
a suitable authentication/authorization system.

All of that together will serve two purposes: On one hand it
allows us to compete with Microsoft's .NET so that we can
hopefully prevent them from successfully leveraging their
effective desktop OS Monopoly to gain control of the entire
internet.  On the other hand it serves as the foundation for a
long-term project to create a complete Free Software platform
for distributed computing (this is referred to as "Distributed
Execution Environment" on the DotGNU website, although I now
prefer the term "Web Operating System" == "WOS".)

Because we must compete with Microsoft's "Passport", we need to
move forward fast.  We don't have time to start from scratch.
The good news is that there are several (at least three or four)
"auth" projects that have usable code that they're willing to
release as Free Software so that we can use it in DotGNU.  So
right now, what we need to do is to evaluate on which (one or
several) of these horses we should bet.

> I think
> DotGNU "Virtual Identities" (VI) is a great idea!! I
> was thinking about this problem for a long time and
> knew that there would have to be collaboration and open
> development if an idea like this were to fly.

We *must* make this fly, or the darkness of Microsoft's
Hailstorm will overtake the 'net.

> I wanted a "secure", "open" way to store passwords
> "online".
> -Secure so that only the intended recipient has access
> to her own data
> -Open so that there will be wide acceptance of this
> standard

Yes, we're 100% in synch so far.

> -Online so that there is 1 place to store and access
> passwords and personal data seamlessly.

Yes, but the user should be able to choose what this 1 place
is.  It's not right if just a few companies control this.  It's
ok if this is a service that most ISPs offer, and that people
can also run on their own PC if they so choose.

> As well that
> place should be able to authenticate a user on behalf
> of other sites

yes.

> Again, I have a question because I am new to all of
> this. VI advertises convenience of a single logon and
> user control of data. It must be able to be scaled and
> deployed at any level. Will VI be a framework/set of
> software tools or a protocol

Both.

> that software developers must follow?

s/must/are encouraged to/

> Since I have been thinking about how to fill the need
> for a secure open single sign on system that allows
> you or some trusted agent to manage your data, I've
> thought about some technical hurdles:
> 
> -how to get other websites to use DotGNU VI (maybe net
> advocacy).

The time has come that we need to start talking with the
people behind major websites.  I'll post about this soon.

> -how to get a website using VI to know that a client
> has a virtual identities account (maybe a cookie that
> will have information telling a site how to
> authenticate that user)

*nod*

> -how to work VI into a site's existing framework (VI
> specifies that VI functionality checks for auth scheme
> before going to a default page)

*nod*

> -need to establish a protocol so that peers can talk
> to each other

*nod*

> Could someone tell me if these concerns are relevant?

All highly relevant :)

> So all in all, is this a fair description of what 
> DotGNU Virtual Identities will be like (Use case):
> 
> economist.com, nytimes.com, xyz.com all require a user
> to log in to browse their site. Currently the user
> would log into each site individually and the site
> would have all of the information regarding that user
> when that user registered.
> 
> In a "Virtual Identities" (VI) world, I would log into
> a Virtual Identities server once when I'm browsing.
> economist.com, nytimes.com, and xyz.com adhere to the
> Virtual Identities framework, thus go to the user's VI
> server to authenticate the user. The user is not
> bothered with pesky sign-ons and has control of their
> own data.

Yes, this is the minimal functionality that a Virtual Identities
system must provide.

Greetings, Norbert.

-- 
A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org
Norbert Bollow, Weidlistr.18, CH-8624 Gruet   (near Zurich, Switzerland)
Tel +41 1 972 20 59       Fax +41 1 972 20 69      http://thinkcoach.com
Your own domain with all your Mailman lists: $15/month  http://cisto.com

