[Auth]Transparency of location

[Ron Burk]

I was thinking about the problem of transparency of
data location. If I use client package SuperPass at
home, but my company mandates use of PasswordMonkey
at work, then I will not be able to have a single database
shared between them, since they each use their own
proprietary data formats.

Then it occurred to me that it ought to be possible to
take the existing proposal, and tweak it only slightly
to allow anyone to implement a "PIB server" that any
of these client packages could access.

For example, what if one of the "actions" we specify
is "access PIB"? This would use the existing mechanism
to tell the client password software what URL is used
to access PIBs on this server. The client software would
then go there and use the same standard syntax to
supply an account name, password, and information
request (e.g., an HTTPS POST of an XML request) to fetch
the needed information for this user.

This requires the client software to be able to
generate SMIL in addition to reading it, but that's
a burden they probably are able to handle (and it's
optional, so they certainly don't have to). Most of
the work is on the server side, but that's something
neatly handled by an Apache module and an ISAPI
filter, so most people who wanted to offer a PIB
server would have to do little work.

Ignoring the exact details, the main point is that the
existing proposal could be tweaked slightly to also
define a standard interface by which PIBs can be
stored on and queried from third-party servers. The
goal of that extension is to allow storing PIBs in a
location that is accessible from all client password
software packages. The data is still stored in some
propietary format that the standard does not specify,
but it's accessible via a standard interface. The result
is that I could store my data on my own web server
(or that of my ISP, if they offered the appropriate
support), and both SuperPass and PasswordMonkey
could read it and update it.
Ron Burk
HighTechInfo.com, www.hightechinfo.com