Re: Web ID as passwordless authentication for debian web services
Quoting Russ Allbery (2013-05-16 18:37:06)
> So, again, it comes down to what problem we're trying to solve. If
> the problem is just how do we authenticate Debian contributors to
> Debian systems, then we're actually in the institutional case and we
> don't have to trust anyone outside the project: we can deploy our own
> central authentication system -- a CA, a Kerberos KDC, or any other
> authentication system of choice -- and have all parties trust it, and
> that will be much simpler and much easier to analyze than any of the
> distributed models. Once we have our own CA, we could of course do
> secure WebID if we wanted to using that CA (modulo the inherent
> dubiousness of substituting endpoint authentication for user
> authentication),
Above is *exactly* what I would love Debian to do.
> but it's not clear to me why we'd bother as opposed to just issuing
> client X.509 certificates with the metadata already included.
Because the very separation of identifiers from the identified makes the
identifiers usable to reliably semantically express Web of Data.
http://linkeddata.org/
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
Reply to: