Re^2: Concerning Single Sign-on, Bitcard (TypeKey), and OpenID, CACERT client certificate
by jettero (Monsignor) on Feb 25, 2007 at 22:41 UTC ( [id://602055]=note )
I don't wish to advocate OpenID exactly (although I do think it's neat). I actually like Bitcard better, but nobody besides rt.cpan uses it as far as I know.

...most single signon technologies the registration process is the most challenging part...

How hard would it be to switch identities and change which info you share with each site? I don't think CA/PKI is really set up for that kind of identity management.

But the real problem is, I can't see my mom signing up for and maintaining a keyring of x509 signatures — dealing with keys and dealing with the expirations — but I can see her using things like OpenID. There's a video of a guy setting up a myopenid account in 8 seconds. He then uses it to log into a wiki.

The CACERT stuff will never actually be included in MSIE, but it's a nice idea. One way it blows OpenID out of the water is that if your identity server goes down, you can't log into anything; which obviously isn't true with CA/PKI (aside from revocations).

Someone just pointed out to me that it's almost worse than I just said. If you use the OpenID authentication delegation so you can use your own URL as your identity, then if either site goes down you can't log into anything.

-Paul