Re: Web Keys and Identity

On 04/18/2013 02:16 PM, David Nicol wrote:
> I havent studied all documentation you've linked to, would you mind 
> providing a summary of what web keys does that openID doesn't? Is it
> just that Web Keys is unaffected by committee-driven featuritis?

See this for a short introduction to Web Keys:

https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/

Summary:

Web Keys enables us to use the Web as a way to store access credentials
to other websites. Benefits over OpenID include:

1. Simpler protocol.
2. Works both in a browser-environment and outside of a browser
   environment.
3. Based on public key cryptography, so you can do more with it like
   digital signatures and encryption.
4. More decentralized than OpenID (anyone can publish keys
   to anywhere on the web).
5. It enables secure HTTP requests.
6. It's state-less.
7. Worst case authentication for Web Keys is 3 calls, for OpenID it's
   6 calls.
8. Common case can establish authentication with just one HTTP call.
9. You can perform all REST functions in one HTTP call with
   Web Key HTTP Signatures.
10. Protects against phishing attacks far more than OpenID because
    you don't transmit your credentials to 3rd parties
11. Fully supports Web of Trust no need for an OpenID-like
    service provider to hold keys.
12. Fully distributed, no need for an OpenID-like service provider
    to provide authentication services.
13. Does not require HTTP re-directs when performing authentication
    or authorization.
14. Built on Linked Data, so can be extended to store more information
    with the identity and key.

There are probably more benefits, but I'll stop there. We really need to
do a complete blog post on how Web Keys compares to OpenID and OAuth.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Meritora - Web payments commercial launch
http://blog.meritora.com/launch/

Received on Thursday, 18 April 2013 18:51:45 UTC