On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
> Which digital id architecture should web sites implement, and what's going to make them all agree on one SSO system and move from the current state to one of the possible solutions though? :)
> A TLS + Client-Side X.509 Certificate for every user.
Heck no to X.509. We'd run into the same issue we have right now--a select group of companies charging users to prove their identity.
> [insert a thousand of the other slightly more obscure Multi-website Single-Login systems]
SSH does a good job of avoiding the pitfalls that most of those other products have. Active Directory has costs associated with it. OpenID requires setting up your own server or using a third party. Facebook and Google have their own auth systems, but quite a few people are worried about how much they track you. And the only time I use a Windows Live account is when I set one up for a client who needs access to their volume licensing site. Imagine signing up for a site by putting in your email and pasting your public key. No third party verifying and certifying who you are like with SSL certs and charging you for the privilege (plain ol' username/password logins don't give you any verification either; LinkedIn has no clue who I really am), just a key exchange from the user and server proving that you've both seen each other before.

-A
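As an added illustration of the "email plus pasted public key" signup and the "prove you've both seen each other before" login sketched in the post above (example code written for this page, not anything the poster or any named project published), here is a minimal SSH-style challenge-response login in Go using the standard library's Ed25519. The site name "example.org", the user "alice@example.net", the look-alike site "evil.example" and the signed-message format "login:<domain>:<nonce>" are assumptions of the example. The domain binding is what keeps a signature obtained by a look-alike site from being relayed to the real one, and the nonce is single use so a captured signature cannot be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"time"
)

// Server keeps exactly what the post describes: email -> pasted public key.
// No CA and no third party; the server only ever sees public keys.
type Server struct {
	domain  string
	users   map[string]ed25519.PublicKey
	pending map[string]challenge // hex(nonce) -> outstanding challenge
}

type challenge struct {
	email   string
	expires time.Time
}

func NewServer(domain string) *Server {
	return &Server{domain: domain, users: map[string]ed25519.PublicKey{}, pending: map[string]challenge{}}
}

// Signup is "put in your email and paste your public key".
func (s *Server) Signup(email string, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("bad public key length")
	}
	if _, taken := s.users[email]; taken {
		return errors.New("email already registered")
	}
	s.users[email] = pub
	return nil
}

// Challenge issues a fresh random nonce for one login attempt.
func (s *Server) Challenge(email string) ([]byte, error) {
	if _, ok := s.users[email]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(nonce)] = challenge{email: email, expires: time.Now().Add(time.Minute)}
	return nonce, nil
}

// loginMessage binds the nonce to the site the client believes it is talking to
// (message format assumed for this example), so a signature coaxed out of the
// user by another site cannot be relayed here.
func loginMessage(domain string, nonce []byte) []byte {
	return []byte("login:" + domain + ":" + hex.EncodeToString(nonce))
}

// Login verifies the client's signature over the challenge. Each nonce is
// consumed on first use, whether or not verification succeeds.
func (s *Server) Login(email string, nonce, sig []byte) error {
	key := hex.EncodeToString(nonce)
	c, ok := s.pending[key]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, key)
	if c.email != email || time.Now().After(c.expires) {
		return errors.New("challenge does not belong to this user or has expired")
	}
	if !ed25519.Verify(s.users[email], loginMessage(s.domain, nonce), sig) {
		return errors.New("signature verification failed")
	}
	return nil
}

// ClientSign is the user's side: the private key never leaves the client.
func ClientSign(priv ed25519.PrivateKey, domain string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMessage(domain, nonce))
}

// Demo walks through signup, a good login, a replay of the same signature and a
// relay through a look-alike site, reporting whether each behaved as intended.
func Demo() (loginOK, replayRejected, relayRejected bool) {
	srv := NewServer("example.org") // assumed site name
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_ = srv.Signup("alice@example.net", pub) // assumed user

	nonce, _ := srv.Challenge("alice@example.net")
	sig := ClientSign(priv, "example.org", nonce)
	loginOK = srv.Login("alice@example.net", nonce, sig) == nil

	// Replay: the same nonce and signature presented a second time.
	replayRejected = srv.Login("alice@example.net", nonce, sig) != nil

	// Relay: "evil.example" fetches a real challenge and has Alice sign it while
	// she thinks she is logging in there; the domain in the message differs.
	nonce2, _ := srv.Challenge("alice@example.net")
	relayedSig := ClientSign(priv, "evil.example", nonce2)
	relayRejected = srv.Login("alice@example.net", nonce2, relayedSig) != nil
	return
}
```

Demo() returns true for all three outcomes: the genuine login succeeds, the replay is rejected because the nonce was consumed, and the relayed signature is rejected because it covers "evil.example" rather than "example.org". A production version would also need a real transport (TLS) so the nonce and signature are not tampered with in flight, and a story for key rotation and loss, which the post does not address.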