[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Auth]Authentitication and anonymity....

From: David Sugar
Subject: [Auth]Authentitication and anonymity....
Date: Sun, 15 Jul 2001 09:38:51 -0400
User-agent: Mozilla/5.0 (X11; U; Linux 2.2.16-9mdk i686; en-US; m18) Gecko/20001013

First point of order I think that needs to be considered is that if we have somebody or some server act as a pass thru "authentication" for users (one aspect of passport), that such an athentication system does not reveal details about users.

For example, if one authenticates with, and then visits, an "affiliated site" that trusts authentication for purpose of mobile single signin, then what receives is something that simply says 'this user, I will call him "x" is the same user "x" I authenticated to you before'. This is how I think portable authentication should work, and could do so without revealing who "x" is.

This requires trusts to exist between sites that accept authentication from each other. Perhaps site would sign the authentication/certification with it's own private key, and affiliated site "y" would be able to then verify that this is a valid declaration of "x".

Using something like this, it is quite possible to do a portable authentication system like this even entirely within cookies, as the information provided is very small. The key problem with cookies of course is that they are easily tracked, especially if there is a known authentication cookie.

Rather than cookies, it would be nice if the authentication system were unique and done thru a handoff, where an authentication site, such as, simply says, here is "user X, this is the same user X I gave you before". Doing it this way prevents the cookie problem, and the id X could be changed or different when presented to different affiliated sites, so the X you have been authenticated as for is not the same X you are known as in the authentication system at


reply via email to

[Prev in Thread] Current Thread [Next in Thread]