His post on new identity technologies triggered an e-mail conversation between him and me that I think is probably of interest to more people, so I thought I would summarize it here (thanks Adam for permission to blog it).
First, to clarify: neither LID nor OpenID nor Yadis require JavaScript, but Sxip/DIX does need it.
He goes on to ask:
Given this clarification, perhaps you can explain to me how a system like LID or OpenID would work in a thick-client scenario?
It all boils down to who has access to the private key (LID's GPG-based authentication) or the shared secret (OpenID's Diffie-Hellman secret). If you assume that there is a special relationship between the browser plugin (or other rich-client application) and the identity host — not an unreasonable assumption — then the browser plugin:
- detects that a "redirect" by the relying party to the identity host is exactly that;
- instead creates a new HTTP request with the lid-target (LID GPG) or return_to (OpenID) URL, plus the signed / hashed parameters, just like the identity host would do.
Does this clarify?
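As an added illustration, not part of the original exchange: an OpenID 1.x-style positive assertion built and then checked with the shared MAC key, which shows why possession of that secret is what decides who can vouch for the identity. The key:value signing format and parameter names are assumed from OpenID 1.x; the Diffie-Hellman association that produced mac_key is assumed to have already happened, and all URLs and the key are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse


def build_id_res(mac_key: bytes, identity: str, return_to: str) -> str:
    """Build the positive-assertion URL an identity host (or a thick client
    holding the same MAC key) sends the user agent back to.
    Uses the OpenID 1.x convention (assumed): the signature is
    base64(HMAC-SHA1(mac_key, "key:value\\n" for each signed field))."""
    fields = [("mode", "id_res"), ("identity", identity), ("return_to", return_to)]
    token = "".join(f"{k}:{v}\n" for k, v in fields).encode()
    sig = base64.b64encode(hmac.new(mac_key, token, hashlib.sha1).digest()).decode()
    params = {f"openid.{k}": v for k, v in fields}
    params["openid.signed"] = ",".join(k for k, _ in fields)
    params["openid.sig"] = sig
    sep = "&" if "?" in return_to else "?"
    return return_to + sep + urlencode(params)


def verify_id_res(mac_key: bytes, url: str, expected_return_to: str) -> bool:
    """Relying-party side: recompute the HMAC over the fields the response
    claims are signed, require the essential fields to be covered, and check
    that return_to is the one this relying party actually issued."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if q.get("openid.mode") != "id_res":
        return False
    try:
        signed = q["openid.signed"].split(",")
        token = "".join(f"{k}:{q['openid.' + k]}\n" for k in signed).encode()
        given = base64.b64decode(q["openid.sig"])
    except (KeyError, ValueError):
        return False
    if not {"mode", "identity", "return_to"} <= set(signed):
        return False  # a signature that does not cover these proves nothing
    expected = hmac.new(mac_key, token, hashlib.sha1).digest()
    return hmac.compare_digest(expected, given) and q["openid.return_to"] == expected_return_to
```

Whoever holds mac_key can produce an assertion that verifies, which is exactly the point made above; without it, any change to the identity or return_to invalidates the signature.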
Aha. Yes, I think so. In effect, authentication with a LID/OpenID identity host is in fact a determination that either the identity host has authenticated the identity in whatever way it defines the term, or the client is in possession of the identity host's key and can vouch for its own identity?
If I understand that right, then I dramatically underestimated the significance of LID/OpenID.
;-) This happens rather frequently; but that's okay, we're still in an early market.
Does a plugin such as the one you describe yet exist?
There are some projects that I'm aware of, but nothing usable yet as far as I know. The goal of the entire community is to collaborate on a single plugin, so we can talk people like Mozilla into shipping it as standard. It may go through the Higgins project at Eclipse, which, according to the OSIS Agreement, is the place where open-source rich client software is being built. They have a plugin already anyway, even if it doesn't do URL-based identity yet.