Can anyone here give me the 40 000 ft view of the state of the authentication industry?

Coenraad Loubser

Nov 3, 2012, 4:33:11 PM
to oz-pr...@googlegroups.com
Hello Everybunny!

(My nephew used to say that when he was 5 :-)

I am currently lobbying my government to *properly* fund a project that will need something like this as a cornerstone. Watch me sell it to them, they need this.

10 years and counting...
The problem of ubiquitous authentication to be solved has been glaringly obvious since the late 90's - and look where we are now, more than 10 years later?! And why? Can anyone tell me? I do have my opinions, views and intuitions, but I'll reserve them for the time being.*

Open Identity Stack?
I have just stumbled upon this, however: http://forgerock.com/what-we-offer/open-identity-stack/ - Is anyone familiar with this initiative - can anyone give me a lay non-acronym high-level overview of where all the diverse authentication mechanisms available today fit into the authentication universe?

40 000 ft View
Shouldn't the first step you guys take perhaps be to create a Wikipedia page on Web Authentication - or perhaps expand http://en.wikipedia.org/wiki/Authentication - perhaps with a table listing all the features and vested interests and goals of all the diverse authentication protocols, standards and initiatives?

Which niche now?...
Do we really need another standard? Or do any of you have the wits, the balls and the insight to launch something that can once and for all start unifying or focusing "the authentication industry?" Perhaps a peer-to-peer type distributed authentication core that works along the lines of Bitcoin's protocols? Or something inherently secure and decentralized, presented in a way that will gain everyone's trust...? Come now, how hard can it be?

I really think it's crucial to look at the really really big picture before you start hacking away on the small things and just create more chaos and confusion in the market. 

Is there anyone here who "gets" me, shares my sentiment and can try to speak my language?

*Disclaimer
I'm no expert on OAuth and have not yet had the luxury of taking the time to read everything you guys have written on the subject - but I'll make a point of catching up on the state of the web very soon - and hopefully one of you can give me a running start;

I've not been doing web development in the past few years either - as a matter of fact, my most noteworthy contributions to the free software community have been in the form of kernel-mode x86 Assembler code - made 10+ years ago, at which point I had to start earning money again to pay my own rent and I did so building much-needed computer networks in a country that desperately needs them, out of necessity. The extent of my development career stretches Perl, Pascal, C and PHP, the latter mostly with a lot of copy-and-paste - and my field of interest for over 20 years is artificial intelligence. So please consider that, while I'm part of the computing and computer networking universe, I'm likely not part of the web universe many of you inhabit - meaning, what I look at is the nett effect, universality, origin and ultimate goal of each project and am blissfully oblivious to exact wiring of the industry.

justin kruger

Nov 9, 2012, 2:04:32 PM
to oz-pr...@googlegroups.com
You might 1st want to clearly define the question in terms of Authorization vs. Identification.

Credentialed Authorization is not dependent on Identity and maintains privacy while showing a chain of Authority for a given set of roles.

Identification proves you are who you say you are.

I personally feel like we need less Identification on the web.

Coenraad Loubser

Nov 10, 2012, 3:38:38 AM
to oz-pr...@googlegroups.com

An identity is a bouquet of authorizations.

The bottom line is that your actual name, location and other authorizations are mere 'additional fields' in your identity, which the party to which you are authorizing to does not necessarily have authorization to.

There are only two major paradigms in my books - centralized and distributed. Centralized is a lot simpler, distributed can be a lot more secure, if done right.

Sent from my phone
