Subject: Re: authentication systems (.NET, .GNU): Its the desktop, dummy.
From: Tom Lord <lord@regexps.com>
Date: Wed, 12 Sep 2001 20:23:47 -0700 (PDT)


       I believe it would be clearly beneficial to have a single
       secure authentication system, one which permitted a single
       password for a limited number of roles, one in which each site
       which used the authentication system clearly stated in a
       verifiable manner which items of information that site would
       use, and one which permitted easy use of stored credit card
       information without having the credit card information stored
       in many locations around the net.

       [....] I think that Passport has a clear role in the
       marketplace.

Standards for forms that request the usual array of secure
information, combined with some smarts in browsers, can satisfy most
of your requirements.

Standards for exchanging credit card information in a form that
permits only one-time, vendor and amount-specific use can satisfy the
rest.

Secure, application-independent, on-line data storage can provide
device and location independence, if and when that is something lots
of people want.

No authentication service is needed -- merely incremental improvements
to the way things already work.

-t