Re: [saag] [websec] [apps-discuss] [kitten] HTTP authentication: the next generation

On 20 December 2010 09:25, Josh Howlett <Josh.Howlett@ja.net> wrote:
>> As Web sites discover that their account holders cannot remember their
>> username, most have adopted email addresses as account identifiers.
>> That is what we should use as the basis for federated web
>> authentication.
>
> Unfortunately this approach transgresses the fourth Law of Identity: 'Directed Identity'.
>
> "A universal system must support both omni-directional identifiers for use by public entities and unidirectional identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles"

Of course these are not actually laws, just good ideas.

However: the core failing seems to be the requirement that users
should remember any more than their one "master identity" which is
used to store all the others (see my Nigori work for how).

>
> Josh.

Received on Monday, 20 December 2010 10:50:39 UTC