[OpenID] Finally, light at the end of the tunnel, for OpenID
Peter Williams
pwilliams at rapattoni.com
Fri May 8 18:35:54 UTC 2009
5 years sounds about right. One will see the plugins (if they occur) also delegate to the cryptoAPIs of the platform and thence to the motherboard's TPM and/or smartcards, so one has real assurance beyond software. As today, the TPM secret will be stored in the MSFT AD, or equivalent, for "data recovery".
Its hard to imagine the US govt going backwards and trusting the PC for DH crypto and persistent storage of macs and nonce replays, when they have already all the infrastructure in commodity Windows now to delegate the crypto assurances properly to a multi-app chip on the card.
What we can imagine within those 5 years is that all the patents on near field and induction loops will be ending, so the whole swipe or insert thing goes away - and the point of presence (the PC) can just talk to the smartcard chip in your mobile/cell phone.
Of course being the US, the phone companies will be leveraging it to track your every movement for the federal govt - since all web connected PCs would conform a giant, distributed sensor array - doing for poeple what folks can do today to track the wireless ICCs in every modern car tire - to (probably) place the auto as it moves. But, this is really little different to today's world of phones; its just yet more granular and has better forensics. Noone really cares you are being probably being realtime tracked to within a km anyways already, today.
________________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Santosh Rajan [santrajan at gmail.com]
Sent: Friday, May 08, 2009 10:08 AM
To: general at openid.net
Subject: [OpenID] Finally, light at the end of the tunnel, for OpenID
In the last few days two new pieces of information come as great news for
OpenID. One for the long term, and the other for the short term.
Mozilla Firefox's demonstration of a single sign on with OpenID is testimony
to the fact that Browsers will eventually manage the users identity. It may
take five years or more to happen.
What is interesting for OpenID is that Browsers will not support proprietary
"Connect's". Unless of course the Connect vendor also happens to own the
Browser. I am hearing of Twitter Connect and Google Connect. The only
"Connect" that will be common to all browsers will be OpenID! I think
vendors coming out with their own Connect's, are venturing into something
really futile.
The short term good news for OpenID is the webfinger protocol being
developed. This will allow for email discovery, paving the way for emails as
OpenID's.
The onus on discovery lies with the email provider which is only natural,
and that is the only way it can work. This won't work if non email providers
were OP's. Atleast not as equals to the email providers. Non email providers
can issue virtual email addresses if they like. But it is not the real thing
and they will have to dish out the real email address via SREG or AX.
If Facebook had supported OpenID as an OP with SREG support earlier, me as
an OpenID community member would have been hard pressed to support the
webfinger protocol. Another way out would have been the centralized
discovery mechanism which is not going to happen anytime soon, and Facebook
would have been the de facto centralized mechanism until then!
To really make OpenID happen I always believed we need one of the biggies.
Ebay or Amazon or someone like that, and these guys won't play without an
email address. With the webfinger protocol for email addresses they will
definitely come on board. So it becomes very important for the community to
move the webfinger protocol fast.
We can now look forward to great times with OpenID!
-----
Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com
--
View this message in context: http://www.nabble.com/Finally%2C-light-at-the-end-of-the-tunnel%2C-for-OpenID-tp23449844p23449844.html
Sent from the OpenID - General mailing list archive at Nabble.com.
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list