Re: [apps-discuss] [saag] [websec] [kitten] HTTP authentication: the next generation

Ben Laurie <benl@google.com> Mon, 20 December 2010 11:34 UTC

In-Reply-To: <55DC663C2F4F9F439F23543E0078E8B3046101@EXC001>
References: <4D02AF81.6000907@stpeter.im> <p06240809c928635499e8@10.20.30.150> <ADDEC353-8DE6-408C-BC75-A50B795E2F6C@checkpoint.com> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <A23730A9-728B-4533-96D7-0B62496CC98A@checkpoint.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org> <2229.1292253372.639419@puncture> <AANLkTi=iGWnBtOgPhN9tRtaJTxQhvRkjq3p0UCkRdT8=@mail.gmail.com> <55DC663C2F4F9F439F23543E0078E8B3046101@EXC001>
Date: Mon, 20 Dec 2010 10:50:09 +0000
Message-ID: <AANLkTinAUm_Vo9gYomFFi_7eSftk=CQzq_TvgYaNM4ck@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Josh Howlett <Josh.Howlett@ja.net>
Cc: General discussion of application-layer protocols <apps-discuss@ietf.org>, websec <websec@ietf.org>, Common Authentication Technologies - Next Generation <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

On 20 December 2010 09:25, Josh Howlett <Josh.Howlett@ja.net> wrote:
>> As Web sites discover that their account holders cannot remember their
>> username, most have adopted email addresses as account identifiers.
>> That is what we should use as the basis for federated web
>> authentication.
>
> Unfortunately this approach transgresses the fourth Law of Identity: 'Directed Identity'.
>
> "A universal system must support both omni-directional identifiers for use by public entities and unidirectional identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles"

Of course these are not actually laws, just good ideas.

However: the core failing seems to be the requirement that users
should remember any more than their one "master identity" which is
used to store all the others (see my Nigori work for how).

>
> Josh.
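The quoted "Directed Identity" law contrasts omni-directional identifiers (an email address, which any site can use to correlate a user) with unidirectional identifiers that differ per relying party. The following is an added illustration, not code from this thread, from Nigori or from any IETF draft: it derives a per-relying-party identifier from a single master secret with HMAC-SHA256, so a user only has to hold one master identity while each site sees a handle that cannot be linked to the one another site sees. The master secret value and the relying-party names are constructed for the example.

```python
import hashlib
import hmac

# Constructed master secret; in practice this would be derived from the
# user's one "master identity" (e.g. a password-derived key), never reused raw.
MASTER_SECRET = b"constructed-master-secret-for-illustration"


def omnidirectional_identifier(email: str) -> str:
    """An omni-directional identifier: the same value is released to every site."""
    return email.strip().lower()


def pairwise_identifier(master_secret: bytes, relying_party: str) -> str:
    """A unidirectional identifier: HMAC(master_secret, relying_party).

    Every relying party receives a different, stable handle. Without the
    master secret nobody can compute the handle, and two relying parties
    comparing notes see unrelated values, so no correlation handle leaks.
    """
    mac = hmac.new(master_secret, relying_party.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def can_correlate(id_seen_by_site_a: str, id_seen_by_site_b: str) -> bool:
    """Two sites can correlate a user only if they hold the same identifier."""
    return hmac.compare_digest(id_seen_by_site_a, id_seen_by_site_b)


def demo() -> dict:
    """Show both identifier kinds for one user at two constructed relying parties."""
    email = "alice@example.org"
    site_a, site_b = "shop.example.com", "forum.example.net"
    omni_a = omnidirectional_identifier(email)
    omni_b = omnidirectional_identifier(email)
    pair_a = pairwise_identifier(MASTER_SECRET, site_a)
    pair_b = pairwise_identifier(MASTER_SECRET, site_b)
    return {
        "email_correlatable": can_correlate(omni_a, omni_b),
        "pairwise_correlatable": can_correlate(pair_a, pair_b),
        # Re-deriving for the same site must give the same handle (stable login).
        "pairwise_stable": pairwise_identifier(MASTER_SECRET, site_a) == pair_a,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that discovery (the omni-directional email) and privacy (the pairwise handle) are not mutually exclusive: a client that holds the master secret can present whichever kind the relying party needs, and the secret itself is never disclosed.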