[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Project discussion

From: Chris Whip
Subject: Re: [Auth]Project discussion
Date: Sun, 15 Jul 2001 17:28:46 -0700
User-agent: Mutt/1.2.5i

On Mon, Jul 16, 2001 at 09:45:36AM +0930, Nick Lothian wrote:
> I don't think an architecture relying on browser plugins or any special
> client side software is going to work.

And any architecture that doesn't require trusted client-side software
makes it impossible to implement a scheme that doesn't entirely trust
J. Random Website with your secret key, but instead permits a trusted
third party to mutually authenticate client and server, a la Kerberos.

I think that's important. I realize that next to Passport, which currently 
requires trusting both the site and the authentication service, it's a lofty
goal. But I feel that it's essential in the medium term.

-- Chris Whip

reply via email to

[Prev in Thread] Current Thread [Next in Thread]