An interesting thread is developing on the decentralization mailing list on the issues of Decentralising Single Signon and how it relates to SXIP. Here's my latest post.

>As for single sign on (Sxip), I only see this working for homogeneous
>security domains. The likelihood of a system being used for on line
>banking as well as weblog comment posting is almost zero.

Agreed. But while lots of work is being done in the B2B area, the only
people I'm aware of working at the weblog end, and with something
demonstrable, is SXIP. The thing is, Passport has failed and Liberty is aimed
at B2B. Which means there's a chance for a properly architected bottom-up
solution to become the standard. If it's built right there's no
telling how high up the ladder it could go.

This is a pretty boring area ;-) but at the weblog end, comment spam is
a problem we all have *right now*. And the spammers and scammers are
getting more inventive and prepared to do work. It's not at all unusual
now for a scammer to go through the whole signon process, wait a week
and then use the system's internal processes to start sending the
message.

We're seeing each major blog platform introduce its own centralised
authentication to try and deal with this. So in order to leave a comment
I have to have a Blogger, Typekey, Userland, etc etc account depending
on where the blog is located. I'd much rather just say "My authenticated
home account is at Ecademy, use that" and with no changes to any of the
systems, you should be able to say "My authenticated home account is at
TuCows, use that".




[ 16-Nov-04 8:23am ]