Norbert Sendetzky skrev:
A few people already made suggest how to handle authorisation/authentication.
But they all mentioned some kind of a central repository. I think it would be
nice if auth can be handled through a "web of trust" like in PGP, which we
could use. This approach has serveral advantages:
- Anybody can create one or more identities
- If the identity should be accepted by a online shop he can go to a trust
center and let them sign his identity (e.g PGP key) after proofing his
identity.
- PGP (OpenPGP) is also widely used at the moment and is an accepted standard
Other opinions?
Why not base authentication using a standard CA that is
used to identicate users within the https protocol.
That way it will work with basicalkly any webbrowser and
it will also be based on an existing and widely used standard.
There already exists project who are working to make it possible so
basically anyone to start a CA exists.
http://www.freecert.org/
http://openca.sourceforge.net/
One don't need a central CA it is possible to define this using
a large number of independent CAs which are handled by a web of trusts.
Why re-invent the wheel ?
Anders
_______________________________________________
Auth mailing list
address@hidden
http://dotgnu.org/mailman/listinfo/auth