Re: Web ID as passwordless authentication for debian web services
On 16/05/13 16:42, Russ Allbery wrote:
> In essence, [WebID]
> moves the authentication problem from user authentication to
> URI endpoint authentication, under the theory that we already know how to
> validate URI endpoints and that such validation is an easier problem.
... or to look at it another way: it moves the authentication problem to
URI endpoint authentication, because while we don't have a great
solution for that either, it's a problem we need a solution for anyway
in order to have secure websites, email, etc.?

(Also, it does mean users in a shared domain don't have to interact with
CAs individually.)

Hopefully some combination of the CA cartel, DNSSEC/DANE, Sovereign Keys
and/or Convergence will end up as a close enough approximation to a
solution in a finite time...

S