Re: Authentication Proposal -- Solid Cookies from Kingsley Idehen on 2016-02-05 (public-rww@w3.org from February 2016)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 5 Feb 2016 09:46:50 -0500
To: public-rww <public-rww@w3.org>
Cc: public-webid <public-webid@w3.org>
Message-ID: <56B4B5DA.7090103@openlinksw.com>

On 2/5/16 7:07 AM, Melvin Carvalho wrote:
>
>
> On 5 February 2016 at 12:58, Martynas Jusevičius
> <martynas@graphity.org <mailto:martynas@graphity.org>> wrote:
>
>     Question: why? Do we really need a new technology for this?
>
>
> Actually a great question!
>
> It was a response to this thread, which was brainstorming alternatives.
>
> https://github.com/solid/solid/issues/22#issuecomment-176833835
>
> As someone that has used WebID+TLS every day for several years I dont
> see a huge problem with it.  I do think we can make better browsers
> tho, particularly the open source ones.

Exactly ! Thus, wouldn't it be better to leave those that still don't
understand it (typically due to not actually trying to use it) to find
out in their own time rather than indulging them on technology adventures?

Bottom line, WebID+TLS and WebID+TLS+Delegation solve the real issues. I
would strongly encourage doubters to produce working alternatives with
actual implementation examples.

Hopefully, these doubters could produce (not hypothesize abut) a
solution to the following :

1. Multiple Identities for different clubs
2. Delegated Identity for 100K users of some middle-tier service without
each user possessing an X.509 Cert (or any other identity token) without
compromising resource access controls.

I encourage you to cut and paste the above each time you encounter an
identity and access controls technology speculator (or WebID, TLS, and
Delegated Identity skeptic). 

Kingsley
>  
>
>
>     On Fri, Feb 5, 2016 at 12:07 PM, Melvin Carvalho
>     <melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>> wrote:
>     > Alice wishes to authenticate on Bobs server.
>     >
>     > Alice sends her User: identity, and (optionally) a path to a
>     "cookie". The
>     > cookie is a resource that only Bobs server and Alice have access
>     to. The
>     > contents of the resource are a typical cookie with unguessable
>     string and
>     > expiry.
>     > Bob's server compares the string sent from the browser and the
>     string in the
>     > file. If they match access is granted.
>     >
>     >
>     > Any comments on this idea?
>
>

-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Friday, 5 February 2016 14:47:14 UTC