Re: [Auth]A simple serverside authentication scheme

[Norbert Bollow]

I wrote:

> > Don't overlook the problem that this approach requires
> > server-side resources (such as bandwidth, hardware, sysadmin
> > time).

Adam Theo <address@hidden> replied:

> actually, i really don't see bandwidth or even CPU resources being even
> a big issue here. even with thousands of users, the effects of a simple
> server-side model would be small.

We're talking about more than just a couple thousand users.

Microsoft is saying that there are 200,000,000 (yes, 200
million) accounts on their passport system already.

> may be true, i don't know enough about it. but just because MS uses a
> 100% server-side, centralized, authoritarian system, no need to not
> consider *anything* that uses a server.

We need to consider every reasonable proposal.  Perhaps even
start implementing several proposals.

But with server-side systems we need to do the math first to
make sure that the system won't be killed by its success.

> IMO, it will *have* to be a server-side system. let's just make sure it
> is distributed and not centralized.

As the long term solution, we're building a system that can be
used client-side or server-side (at the user's sole discretion),
and when it's used server-side, it will be a true distributed
system.

For short-term solutions, well if some people believe that
plug-ins are the way to go, and others believe that server-side
is the way to go, then maybe both sides should go forward
with implementing their proposed solutions.

I really believe that Ron's suggestion is the way to go, and
going forward with implementing it should not be delayed just
because you and some others think that a server-based system
would be better.

> plug-ins won't work. for one, they are only browser-based.

Why is this a problem for the short-term solution?

> two, they are traditionally slow to be accepted by users.

Yes, people have a reluctance to install a plug-in.  That needs
to be considered.

But aren't we specifically going for the people who have a
reluctance to entrust personal data to any server-side system
(Microsoft's)?  It will be difficult to convince them that our
server-side system is more trustworthy than Microsft's.

It'll be an easier sale IMHO to convince them that our system is
better because their data stays in their own PC.

> three, there is no industry wide standard for making plug-ins
> (they are different from browser to browser).

This is not a big problem, as the number of browsers with high
market share is small.

Greetings, Norbert.

-- 
Norbert Bollow, Weidlistr.18, CH-8624 Gruet  (near Zurich, Switzerland)
Your own domain with all your Mailman lists: $15/month http://cisto.com
Business Coaching for Internet Entrepreneurs ---> http://thinkcoach.com
Tel +41 1 972 20 59      Fax +41 1 972 20 69      address@hidden