On Apr 27, 2004, at 6:12 PM, Colin Putney wrote:

> Perhaps Avi will have something to say about Miso as well.

Miso is how I think these things *should* work, but I haven't had the 
energy to push it recently.  You can see the description here: 
http://people.squeakfoundation.org/person/avi/diary.html?start=1 .  The 
basic idea is twofold: one, if  want to be able to use the same 
credentials to log into a whole bunch of different websites, you really 
don't want to be using passwords, because any one of them could store 
the password and reuse it later on another site.  Much better is to use 
an asymmetric key system like RSA.  Two, carrying a private key around 
everywhere is annoying, so instead you entrust your private key with 
some one website that you completely trust.  You can then use a 
password to log into that website, and it will use the private key to 
negotiate with any third party website that you want to get into.  The 
tricky part is pulling off this three-way negotiation so that it's both 
secure and decentralized (ie, everyone can choose a different provider 
to entrust with their private key).

Avi