- From: Nathan <nathan@webr3.org>
- Date: Mon, 08 Oct 2012 17:43:20 +0100
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: David Chadwick <d.w.chadwick@kent.ac.uk>, Melvin Carvalho <melvincarvalho@gmail.com>, Ron Garret <ron@flownet.com>, Anders Rundgren <anders.rundgren@telia.com>, Henry Story <henry.story@bblfish.net>, public-identity@w3.org
Stephen Farrell wrote: > I think there's definitely merit in investigating such approaches, > mainly because they don't need passwords, but also partly due to > the very thing to which you're objecting - any handling of user > names or identifiers can be part of the application and not a part > of some security infrastructure. (Maybe I've just developed too > many of those over the years:-) Am I correct in assuming that the general premise is that securing the connection can be done with a keypair, and then at application level an identifier can be associated with a user, based on the keypair? Then further to this, that each origin can be associated with a different keypair, such that a user isn't identifiable cross origin by using a single key as an identifier? Best, Nathan
Received on Monday, 8 October 2012 16:44:18 UTC