On Jun 6, 2012, at 11:14 PM, Aaron C. de Bruyn wrote:
On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
Which digital id architecture should web sites implement, and what's going to make them all agree on one SSO system and move from the current state to one of the possible solutions though? :)
A TLS + Client-Side X.509 Certificate for every user.
Heck no to X.509. We'd run into the same issue we have right now--a select group of companies charging users to prove their identity.
Not if enough of us get behind CACERT. Non-profit organization providing free certificates based on web of trust model.

http://www.cacert.org

For any of you in the Bay Area and/or who encounter me in my various travels, I am a CACERT top-level notary.

Personally, I like the SSH model and simply giving the web-site your public key at sign-up, but there are issues with that as well... If your private key is compromised, how do you notify all of the web-sites that it needs to be revoked?

Owen