This is Mikael Hooglandt's Typepad Profile.
Join Typepad and start following Mikael Hooglandt's activity
Join Now!
Already a member? Sign In
Mikael Hooglandt
Recent Activity
The problem I see there, AnyGould, is that your identity provider is still some third party. If you're on the web to be able to hit a web site there is no reason any resource should be hit other than your PC for identity verification. "Trusted" identities for sensitive systems is a different concern but just for posting on codinghorror.com shouldn't take any sort of "trusted" status and you telling this site who you are should be enough. But, this is one thing I care particularly about though so I am biased.
Finally! It seriously took me about 5 minutes to create a profile (which I still had to provide a username/password for ;)) because the other sites didn't work! That said, I do believe passwords can be abolished. Though, I don't trust any other identity provider. There is no reason why I should be bound by some other system to verify who I am other than me. That said, I think a fairly solid solution would be to use the PGP model that would act as a plug-in for browsers. You would have an application that would sit on your PC and it would create and manage a secret key. Profiles could be generated from this secret key and generate public keys which can be shared at will. The browser plug-in would then detect if the site is using the same authentication scheme and, if the site is authorized by you, the public key and profile would be shared with the site over an encrypted connection and you would have instant access to your sites. Granted, this would need a critical mass of user penetration to be considered useful but it would require no passwords and could be shared across devices (This *could* create a management headache. Though, why you would have a different address for your ebay profile from device to device is beyond me.). The entire purpose would be to store identity profiles and not payment methods so there shouldn't be much worry about the boogie man lurking around the corner. The only real issue is if your computer is compromised and your keys were stolen. This would also defeat keyloggers, as Izaak mentioned, as no keystrokes would ever be required to generate and pass around the keys that identify your profile. There would be no risk of mistaken identity from site to site as the keys for each profile would be unique. Basically, I trust no corporation or institution to vouch for me as ultimately they will only serve their own interests and there is always the risk that if the "trusted" source says you're someone different, through fluke or otherwise, than who you say you are then who are you to disagree? Eventually we must all take responsibility for who we are online and I think only we, as individuals, can do that. This might not be a perfect system but I do believe it to be in line with these ideals.
Mikael Hooglandt is now following The Typepad Team
Sep 6, 2011