Re: [foaf-dev] Re: RDFAuth: an initial sketch

On 28.03.2008 12:52:15, Renato Golin wrote:
>
>Benjamin Nowack wrote:
>> Hmm, ok, but wouldn't users also have to upload a private key
>> to my server? And my app would have to send the private key
>> to the encryption service, which I guess isn't too cool either.
>
>Absolutely not! That's not acceptable under any circumstances, 
>especially when designing a (secure) authentication system... ;)
OK, that's what I thought, too. So, PGP can't be a prerequisite 
for RDFAuth running on web servers.

>Your private key remains in your machine always because only you can 
>start requests with your private key anyway. There are some key managers 
>on KDE and Gnome and Thunderbird as well.
OK, then it won't work for RDFAuth where the requests are done by
automated server scripts, unless we generate additional, temporary key 
pairs that are used only by an RDFAuth app. But then we run into 
sync/cache issues, I guess.

Benji

>
>cheers,
>--renato
>


--
Benjamin Nowack
http://bnode.org/

Received on Friday, 28 March 2008 13:16:14 UTC