[OpenID] Re: password as signature
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Oct 10 22:18:20 UTC 2008
I'd better clarify what I wrote:

>Can we teach users to think of their password as their signature?
>
>Or, better yet, as the ability to affix their signature to arbitrary
>documents, i.e. as in forging?

To avoid confusion with cryptographic signatures, (the use of) which
are well-known in security/identity circles already - I mean the
literal, physical signature, by which someone signs their name upon a
piece of paper with their own distinctive handwriting.

We can't write on the 'net, though, so we have the equivalent of
those stamps used in offices where someone has to sign thousands of
documents each day, and can't afford to spend all their time just
writing their own name over and over again (there might not even be
enough time in the *day* to sign them all), so they have a stamp with
their seal or just an imprint of their signature, and sometimes their
secretary will help them go through and "sign" all of the paperwork.

Whoever has your password is like that secretary - you need to be
REALLY sure that they work for you, don't have another agenda;
basically, you trust them to make decisions on your behalf without
being wrong, much less deliberately misrepresenting you!

This is why you should not give out your password to anyone else. The
analogy would be stronger if user accounts were actually associated with
identity, though.

-Shade