Re: Web ID as passwordless authentication for debian web services

To: debian-devel@lists.debian.org
Subject: Re: Web ID as passwordless authentication for debian web services
From: Simon McVittie <smcv@debian.org>
Date: Thu, 16 May 2013 16:59:10 +0100
Message-id: <[🔎] 5195024E.4090907@debian.org>
In-reply-to: <[🔎] 87r4h7kk2r.fsf@windlord.stanford.edu>
References: <[🔎] 87y5btehw3.fsf@gkar.ganneff.de> <[🔎] 20130506070543.GE25004@x230-buxy.home.ouaza.com> <[🔎] 87haif7vkv.fsf@gkar.ganneff.de> <[🔎] 20130507062252.GA32129@x230-buxy.home.ouaza.com> <[🔎] 87haibnb9y.fsf@windlord.stanford.edu> <[🔎] 8738tpwxtk.fsf@inf-8657.int-evry.fr> <[🔎] 20130514140321.23166.32356@bastian.jones.dk> <[🔎] 5193133C.7050506@fifthhorseman.net> <[🔎] 87li7fy6am.fsf@poker.hands.com> <[🔎] 51949F6F.3010700@debian.org> <[🔎] 20130516102031.29499.62330@bastian.jones.dk> <[🔎] 87r4h7kk2r.fsf@windlord.stanford.edu>

On 16/05/13 16:42, Russ Allbery wrote:
> In essence, [WebID]
> moves the authentication problem from user authentication to
> URI endpoint authentication, under the theory that we already know how to
> validate URI endpoints and that such validation is an easier problem.

... or to look at it another way: it moves the authentication problem to
URI endpoint authentication, because while we don't have a great
solution for that either, it's a problem we need a solution for anyway
in order to have secure websites, email, etc.?

(Also, it does mean users in a shared domain don't have to interact with
CAs individually.)

Hopefully some combination of the CA cartel, DNSSEC/DANE, Sovereign Keys
and/or Convergence will end up as a close enough approximation to a
solution in a finite time...

    S

Reply to:

References:
- Developer repositories for Debian
  - From: Joerg Jaspert <joerg@ganneff.de>
- Re: Developer repositories for Debian
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Developer repositories for Debian
  - From: Joerg Jaspert <joerg@debian.org>
- Re: Developer repositories for Debian
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Developer repositories for Debian
  - From: Russ Allbery <rra@debian.org>
- Re: Developer repositories for Debian
  - From: Olivier Berger <obergix@debian.org>
- Re: Developer repositories for Debian
  - From: Jonas Smedegaard <dr@jones.dk>
- Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Philip Hands <phil@hands.com>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Stéphane Glondu <glondu@debian.org>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Web ID as passwordless authentication for debian web services
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Debian development and release: always releasable (essay)
Next by Date: Re: Web ID as passwordless authentication for debian web services
Previous by thread: Re: Web ID as passwordless authentication for debian web services
Next by thread: Re: Web ID as passwordless authentication for debian web services
Index(es):
- Date
- Thread