On Jun 6, 2012, at 11:14 PM, Aaron C. de Bruyn wrote:
> On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
>> Which digital id architecture should web sites implement, and what's
>> going to make them all agree on one SSO system and move from the
>> current state to one of the possible solutions though? :)
>>
>> A TLS + Client-Side X.509 Certificate for every user.
>
> Heck no to X.509. We'd run into the same issue we have right now--a
> select group of companies charging users to prove their identity.
>
Not if enough of us get behind CACERT.
Non-profit organization providing free certificates based on web of trust
model.
http://www.cacert.org
For any of you in the bay area and/or who encounter me in my various
travels, I am a CACERT top-level notary.
Personally, I like the SSH model and simply giving the web-site your
public key at sign-up, but, there are issues with that as well...
If your private key is compromised, how do you notify all of the web-sites
that it needs to be revoked?
Owen