Solution
Roland Sassen (using mozilla)
sassen at thinsia.com
Mon Oct 23 20:32:48 UTC 2006
Personal Internet Portal solution
I would like to propose the use of OpenId in the following way:
1. end-point devices suffer from malware, so avoid the contact with this malware using server-based computing
2. people want to store information to let them single sign on, for example using OpenId, to several sites, on a place where nobody else can break in. I call this place PIP Personal Internet Portal.
3. this PIP uses directory services, like e-directory from Novell, to store this information, to allow login with OpenId, or i-names, or biometrics.
4. after login to their PIP people can execute programs on the PIP server, for example a browser, or a home-banking-application, or their office-programs.
5. the user can choose to use external application service providers, which they trust, for the moment being.
6. After login with strong identification, or even authentication (with biometrics) the user can change the temporary trust list.
As for the use of OpenId, I think this will make life easier.
kind regards,
Roland Sassen
Alaric Dailey wrote:
> ok maybe I throw out my idea for solving these problems.
>
> 1. require SSL for any data transfer from IdP to RP ( assuming data
> isn't going the other way)
> 2. sign or encrypt the logon token (however or wherever it is stored)
> 3. expire the logon after a certain period of time ( )
> 4. require ssl for IdPs for logon pages etc...
> 5. Heavily recommend that IdP's use
>
> * DNSSec
>     * Salted passwords with strong hashing algos (i.e. NOT MD5 or SHA1)
> * locked down systems (patches, AV, firewalls, etc)
>
>
> Thus RP's do not require an SSL cert, and data can be trusted, and it
> could be proven that it has not been modified.
>
>
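Points 2 and 3 of the quoted list (sign the logon token, expire the logon after a period), as an added example that is not part of either message or of any OpenID specification. It assumes the IdP and RP already share a secret key and uses HMAC-SHA256; the function names and the token layout are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, identity, ttl, now=None):
    """IdP side: bind the identity and an expiry time under a MAC."""
    now = int(time.time()) if now is None else now
    claims = {"sub": identity, "iat": now, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(key, token, now=None):
    """RP side: return the identity, or None if forged, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        p64, t64 = token.split(".")
        payload, tag = _unb64(p64), _unb64(t64)
    except ValueError:  # wrong field count or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the MAC before parsing, and compare in constant time.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    if now >= claims["exp"]:  # point 3: the logon expires
        return None
    return claims["sub"]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample value
    tok = issue_token(key, "https://alice.example/", ttl=300)
    print(tok)
    print(verify_token(key, tok))
```

A MAC only proves integrity to a party holding the same key; it does not hide the token contents, which is why the quoted list still requires SSL on the IdP side.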