<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Personal Internet Portal solution<br>
<br>
I would like to propose the use of OpenId in the following way:<br>
<br>
1 end-point devices suffer from malware, so avoid the contact with
this malware using server-based computing<br>
2 people want to store information to let them single sign on, for
example using OpenId, to several sites, on a place where nobody else
can break in. I call this place PIP Personal Internet Portal.<br>
3 this PIP uses directory services, like e-directory from Novell, to
store this information, to allow login with OpenId, or i-names, or
biometrics.<br>
4 after login to their PIP people can execute programs on the PIP
server, for example a browser, or a home-banking-application, or their
office-programs.<br>
5 the user can choose to use external application service providers, which
they trust, for the moment being.<br>
6 After login with strong identification, or even authentication (with
biometrics) the user can change the temporary trust list.<br>
<br>
<br>
As for the use of OpenId, I think this will make life easier.<br>
kind regards,<br>
<br>
Roland Sassen<br>
<br>
<br>
Alaric Dailey wrote:
<blockquote cite="mid002201c6f6da$b62ffee0$8601a8c0@catbert" type="cite">
<div><span class="383092019-23102006">ok maybe I throw out my idea
for solving these problems.</span></div>
<div><span class="383092019-23102006"></span> </div>
<div><span class="383092019-23102006"><font face="Arial" size="2">1.
require SSL for any data transfer from IdP to RP ( assuming data isn't
going the other way)</font></span></div>
<div><span class="383092019-23102006"><font face="Arial" size="2">2.
sign or encrypt the logon token (however or wherever it is stored)</font></span></div>
<div><span class="383092019-23102006"><font face="Arial" size="2">3.
expire the logon after a certain period of time ( )</font></span></div>
<div><span class="383092019-23102006"><font face="Arial" size="2">4.
require ssl for IdPs for logon pages etc...</font></span></div>
<div><span class="383092019-23102006"><font face="Arial" size="2">5.
Heavily recommend that IdP's use</font></span></div>
<ul>
<li><span class="383092019-23102006"><font face="Arial" size="2">DNSSec</font></span></li>
<li><span class="383092019-23102006"><font face="Arial" size="2">Salted
passwords with strong hashing algos (i.e. NOT MD5 or SHA1)</font></span></li>
<li><span class="383092019-23102006"><font face="Arial" size="2">locked
down systems (patches, AV, firewalls, etc)</font></span></li>
</ul>
<div><span class="383092019-23102006"></span> </div>
<div><span class="383092019-23102006"><font face="Arial" size="2">Thus
RP's do not require an SSL cert, and data can be trusted, and it could
be proven that it has not been modified.</font></span></div>
<div><span class="383092019-23102006"></span> </div>
<div><span class="383092019-23102006"></span> </div>
</blockquote>
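Points 2 and 3 of the quoted list (sign the logon token, expire the logon after a period), as an added example that is not part of either message and is not the OpenID protocol's own token format. The token layout, the function names and the demo key are assumptions made for illustration.<br>

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed layout (not from the thread):
#   base64url(JSON payload) + "." + base64url(HMAC-SHA256 tag over the payload)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")

def issue_token(key: bytes, identity: str, ttl_seconds: int, now: float = None) -> str:
    """Build a logon token that carries its own expiry time and an integrity tag."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"id": identity, "exp": issued + ttl_seconds},
                         sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def verify_token(key: bytes, token: str, now: float = None):
    """Return the identity if the token is unmodified and unexpired, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None  # payload or tag was modified, or a different key was used
    claims = json.loads(payload)  # parsed only after the tag has been checked
    current = time.time() if now is None else now
    if current >= claims["exp"]:
        return None  # logon has expired
    return claims["id"]

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed value; use a random secret in practice
    token = issue_token(demo_key, "https://alice.example/", ttl_seconds=300)
    print(verify_token(demo_key, token))
```

The expiry is inside the signed payload, so it cannot be extended without invalidating the tag.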
</body>
</html>