Re: Web ID as passwordless authentication for debian web services

To: debian-devel@lists.debian.org
Subject: Re: Web ID as passwordless authentication for debian web services
From: Jonas Smedegaard <dr@jones.dk>
Date: Thu, 16 May 2013 20:28:56 +0200
Message-id: <[🔎] 20130516182856.29499.68327@bastian.jones.dk>
In-reply-to: <[🔎] 87li7ekhjh.fsf@windlord.stanford.edu>
References: <[🔎] 87y5btehw3.fsf@gkar.ganneff.de> <[🔎] 8738tpwxtk.fsf@inf-8657.int-evry.fr> <[🔎] 20130514140321.23166.32356@bastian.jones.dk> <[🔎] 5193133C.7050506@fifthhorseman.net> <[🔎] 87li7fy6am.fsf@poker.hands.com> <[🔎] 51949F6F.3010700@debian.org> <[🔎] 20130516102031.29499.62330@bastian.jones.dk> <[🔎] 87r4h7kk2r.fsf@windlord.stanford.edu> <[🔎] 519506ED.6030002@debian.org> <[🔎] 87li7ekhjh.fsf@windlord.stanford.edu>

Quoting Russ Allbery (2013-05-16 18:37:06)
> So, again, it comes down to what problem we're trying to solve.  If 
> the problem is just how do we authenticate Debian contributors to 
> Debian systems, then we're actually in the institutional case and we 
> don't have to trust anyone outside the project: we can deploy our own 
> central authentication system -- a CA, a Kerberos KDC, or any other 
> authentication system of choice -- and have all parties trust it, and 
> that will be much simpler and much easier to analyze than any of the 
> distributed models. Once we have our own CA, we could of course do 
> secure WebID if we wanted to using that CA (modulo the inherent 
> dubiousness of substituting endpoint authentication for user 
> authentication),

Above is *exactly* what I would love Debian to do.


> but it's not clear to me why we'd bother as opposed to just issuing 
> client X.509 certificates with the metadata already included.

Because the very separation of identifiers from the identified makes the 
identifiers usable to reliably semantically express Web of Data.

http://linkeddata.org/


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Reply to:

Follow-Ups:
- Re: Web ID as passwordless authentication for debian web services
  - From: Russ Allbery <rra@debian.org>

References:
- Developer repositories for Debian
  - From: Joerg Jaspert <joerg@ganneff.de>
- Re: Developer repositories for Debian
  - From: Olivier Berger <obergix@debian.org>
- Re: Developer repositories for Debian
  - From: Jonas Smedegaard <dr@jones.dk>
- Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Philip Hands <phil@hands.com>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Stéphane Glondu <glondu@debian.org>
- Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
  - From: Jonas Smedegaard <dr@jones.dk>
- Re: Web ID as passwordless authentication for debian web services
  - From: Russ Allbery <rra@debian.org>
- Re: Web ID as passwordless authentication for debian web services
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Web ID as passwordless authentication for debian web services
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
Next by Date: Re: Web ID as passwordless authentication for debian web services
Previous by thread: Re: Web ID as passwordless authentication for debian web services
Next by thread: Re: Web ID as passwordless authentication for debian web services
Index(es):
- Date
- Thread