[ANN] Monticello (and OmniBrowser) support site
Avi Bryant
avi at beta4.com
Wed Apr 28 01:25:17 UTC 2004
On Apr 27, 2004, at 6:12 PM, Colin Putney wrote:
> Perhaps Avi will have something to say about Miso as well.
Miso is how I think these things *should* work, but I haven't had the
energy to push it recently. You can see the description here:
http://people.squeakfoundation.org/person/avi/diary.html?start=1 . The
basic idea is twofold: one, if want to be able to use the same
credentials to log into a whole bunch of different websites, you really
don't want to be using passwords, because any one of them could store
the password and reuse it later on another site. Much better is to use
an asymmetric key system like RSA. Two, carrying a private key around
everywhere is annoying, so instead you entrust your private key with
some one website that you completely trust. You can then use a
password to log into that website, and it will use the private key to
negotiate with any third party website that you want to get into. The
tricky part is pulling off this three-way negotiation so that it's both
secure and decentralized (ie, everyone can choose a different provider
to entrust with their private key).
Avi
More information about the Squeak-dev
mailing list
|