dotgnu-auth

Re: [Auth]delurking with opinions


From: Kurt L. Sussman
Subject: Re: [Auth]delurking with opinions
Date: Sat, 4 Aug 2001 23:59:02 -0700
User-agent: Mutt/1.2.5i

Albert Scherbinsky (address@hidden) typed this ...
> "Kurt L. Sussman" wrote:
> > I'm still not convinced that the browser has to become smarter for this
> > to work. I do understand that putting this functionality into the
> > browser opens it up to everyone, whether they can run their own server
> > or not (due to firewall, policy, or other restrictions). Open access is
> > a very good thing.
> 
> Again, the browser becoming smarter isn't a necessary
> condition for compliance with the SIML/PIBXML/SingleLogin
> standard. However, some people are going to want it in this
> configuration. Some people don't want to entrust any service
> provider with their personal data. Think of the possible
> implementation architectures as providing a spectrum of
> combinations of privacy and convenience.

I agree that a plugin will guarantee that the user gets all the security
they want (ignoring bugs for now). I thought the goal was to get enough
market share to convince site owners to support dotGNU as well as
Passport for authentication? If nothing is required on the web site
side, I guess that's good, but the integration does offer some benefits.

> > My concern is that people won't install a plugin. It's too much work for
> > the average user (e.g. my mom). That's how IE got its market share; by
> > being the default. Passport is the default; how do we get people to take
> > one extra step to dotGNU auth?
> 
> This is a valid concern, but for those who want the highest
> degree of privacy nothing other than managing their personal
> information on their own computer will do. They see
> installing a plugin as a very minor inconvenience. For the
> very best page description format, people still install
> acrobat.

We can argue about psychology of users forever without accomplishing
anything useful.

> Bingo, we don't want to limit peoples ideas about how they
> might implement. If convenience is your utmost concern then
> implement a suitable architecture.

I want to implement something that is secure enough relative to the
amount of risk. I don't need a $3000 safe for my old bank statements,
but I might be able to justify a big safe for my real estate records and
bearer bonds. 

For Amazon purchases and Slashdot postings, I don't need absolute
control over every bit that's sent or received. A proxy will be fine.
For stock trades, I might want a plugin.

> > As long as the spec is tight enough that any conforming implementation
> > will work, I'm happy. I just like to see things like that specified.
> > After all, privacy is one of the reasons we're not satisfied with
> > Passport, right?
> 
> To be sure, the access control should be specified. Just not
> within the scope of the SIML/PIBXML/SingleLogin standard. It
> should be specified by the implementor, and rigorously
> tested.

As long as the spec guarantees that the plugin and the proxy will be
indistinguishable to the web site I'm visiting, I'm happy.

> Regards,
> -- 
> Albert Scherbinsky

--Kurt
-- 
----------------------------------------------------------------------
    Merlot Research Group, Inc               http://www.merlot.com
    Software Quality and Testability Consulting     address@hidden

