Ted Leung on the air
Ted Leung on the air: Open Source, Java, Python, and ...
Sun, 16 Jul 2006
Heraldry now under incubation at Apache
[00:06] |
[computers/internet] |
1 Comments |
I am going to be one of the mentors of the Heraldry project that has been accepted for incubation at Apache. The initial goals for Heraldry are:
- Expansion of Yadis and OpenID libraries into additional languages beyond the existing Python, Ruby, Perl, and PHP libraries
- OpenID authentication specification revision to fix known security considerations, investigate compatibility with the DIX IETF proposal, describe Yadis integration, and allow either a URL or an XRI to be used as the End User’s Identifier
- Continue the development of a data transfer protocol on top of OpenID to allow the exchange of profile data as well as other secure messages
- Investigate existing mechanisms for profile exchange, namely Sxip 2.0 and SAML, and investigate how they would be layered atop OpenID
- Integration of the OpenID Authentication protocol with the Higgins framework to provide desktop integration
- Extension of OpenID to support non-browser based authentication use cases, i.e. authentication to a Subversion server, creation of mod_authnz_openid, using your OpenID Identity without modifying the svn client-side tool
I've been interested in the digital identity space for some time, and I'm looking forward to getting more directly involved. I hope that some of you will too; this is an important area.
This sounds very cool. I've been interested in this area myself, and have done a lot of thinking about it.
Personally I believe the most important thing an authentication system can provide for an open environment like the web is to allow for anonymous identities: That is, identities which only you can use but are not easily tracked back to you.
This kind of thing is important for people living in places with limited free speech or for whistleblowers. In both cases they will want to be able to say things which only they can say (without others pretending to be them and, thus, muddying the message), while also wanting to avoid jail/losing their job/etc.
OpenID does support this concept, so I like that Apache is going to support it. (I know nothing about Yadis, but I will investigate it soon.)
However OpenID has a hole in it, for both known and anonymous identities: It requires an authentication server. If a nation like China or criminals doing criminal things shut down, block, or subvert the server, then the established identities on that server are no longer usable, even if it is known that the server has been broken/subverted.
So, what we do need is something based on private/public key encryption that can survive the loss or subversion of any one authentication server. This is a really hard problem...
Posted by Jack William Bell at Sun Jul 16 20:53:32 2006