[Auth]Authentication Trusts

From: Myrddian
Subject: [Auth]Authentication Trusts
Date: Thu, 19 Jul 2001 11:46:43 +1000

Ok, there has been a lot of talk b/w us about the authentication scheme, now the primary problem which arises is that of Trust. Particularly financial records, so you can purchase, rent, sell: these primary actions which are very fundamental to e-commerce.

I disagree with the idea of having the user data stored on the individual user's machine and letting him self-authenticate. That's why a hybrid system was introduced.

Also the problem of: do I trust server 'A' authentication of user 'a'?

Well, after giving it some thought, I thought ok, treat authentication on a user-user or case-by-case basis. If you want any monetary transaction to happen a bank is going to be involved. So why not involve the bank. Think about it: you authenticate user 'a' on server 'A' but also at the same time you query user 'a' nominated bank (this only happens on a financial transaction, when a bank of some sort is already involved) to see if you can trust user 'a' so all of a the user's bank is the authoritative answer, user A then receives a ticket from his bank allowing him to be automatically authorized when using authentication server A.

The idea is quite simple: the user's nominated bank is an authority in issuing a ticket to his client, which gives him authentication.

Now we still have the decentralized server paradigm in which no Server is master server, and by involving the end financial institution we solve this trust problem.
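
The ticket flow proposed above, sketched as an added example that is not part of the original post: the bank vouches for user 'a' towards server 'A', and the server checks that voucher before authorizing a financial transaction. The ticket layout, the function names and the use of HMAC-SHA256 with a key shared between the bank and server A (standing in for a real bank signature) are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo secret shared by the bank and server A (assumption).
BANK_SERVER_A_KEY = b"constructed-demo-key-bank-serverA"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def bank_issue_ticket(key, user, server, now, lifetime=300):
    """Bank side: vouch for `user` towards one named server, for a short time."""
    body = json.dumps({"user": user, "server": server, "exp": now + lifetime},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def server_verify_ticket(key, ticket, server, user, now):
    """Server side: accept only an authentic, unexpired ticket that the bank
    issued for this server and for the user who is presenting it."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:                      # malformed ticket or bad base64
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # authenticate before parsing
        return False
    claims = json.loads(body)
    return (claims["user"] == user and claims["server"] == server
            and now < claims["exp"])

if __name__ == "__main__":
    t0 = 1_000_000                          # constructed timestamp
    ticket = bank_issue_ticket(BANK_SERVER_A_KEY, "a", "A", t0)
    print(server_verify_ticket(BANK_SERVER_A_KEY, ticket, "A", "a", t0 + 10))
    print(server_verify_ticket(BANK_SERVER_A_KEY, ticket, "B", "a", t0 + 10))
```

Binding the ticket to one server and giving it an expiry keeps a ticket accepted by server A from being replayed at another server or long after the bank's answer was current.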

