authentication - Would a login system based on digital signing be a good idea?


One goal of OpenID is to be resistant against the failure of any one corporation. That sounds good, but there is another problem: if the site hosting your ID goes down, then your ID is down as well. I thought the login system should be completely resistant to failure.

My idea is this: I go to a website and I have to log in. I give them my public key, and the website sends me some random data back. I sign this data with my private key and send it back. If the signature is valid, then I am logged in. The advantage of this is that my ID is just my public key, so I do not have to trust any external site.

So that users do not have to remember their key, the system can optionally allow an OpenID-like scheme where my key is hosted on some server and the original site redirects me there; that site signs the data and sends it back to the original site, and I am logged in. This works like OpenID, but I would be able to take my keys with me: if that site goes down, then I can use another site.

Is this a practical arrangement? Am I wasting my time? Should I just roll over and use OpenID?
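The challenge-response exchange described in the question, as an added example that is not part of the original post (Go, using the standard library's Ed25519). It goes beyond the question in three ways a practitioner would insist on: the random challenge is single-use and expires, it is bound to the public key it was issued to, and the signed message includes the site's own origin so a signature obtained from the user by one site cannot be relayed to another. The names `Server`, `Client`, `challengeTTL`, the `login-challenge:` prefix and `example.com` are assumptions made for illustration. The hosted-key variant from the question is the same exchange with the `Answer` step performed by the key-hosting site instead of the user's own machine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// challengeTTL is an assumed limit on how long an issued challenge stays valid.
const challengeTTL = 2 * time.Minute

// Server is the relying website. It stores no user secrets, only the challenges it has issued.
type Server struct {
	origin  string                      // the site's own name, mixed into every signed message
	Now     func() time.Time            // injectable clock so expiry can be tested
	pending map[string]pendingChallenge // hex(nonce) -> issued-to key and expiry; guard with a mutex when served concurrently
}

type pendingChallenge struct {
	pub     ed25519.PublicKey
	expires time.Time
}

func NewServer(origin string) *Server {
	return &Server{origin: origin, Now: time.Now, pending: map[string]pendingChallenge{}}
}

// Challenge is step 1: the user presents a public key and receives fresh random data to sign.
func (s *Server) Challenge(pub ed25519.PublicKey) ([]byte, error) {
	if len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("public key has wrong length")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(nonce)] = pendingChallenge{pub: pub, expires: s.Now().Add(challengeTTL)}
	return nonce, nil
}

// signedMessage binds the origin into what is signed, so a signature coaxed out by site A is useless at site B.
func signedMessage(origin string, nonce []byte) []byte {
	return append([]byte("login-challenge:"+origin+":"), nonce...)
}

// Login is step 2: check the signature, burn the challenge, and return the user's ID (the public key).
func (s *Server) Login(pub ed25519.PublicKey, nonce, sig []byte) (string, error) {
	key := hex.EncodeToString(nonce)
	pc, ok := s.pending[key]
	if !ok {
		return "", errors.New("unknown or already used challenge")
	}
	delete(s.pending, key) // single use: a captured response cannot be replayed
	if s.Now().After(pc.expires) {
		return "", errors.New("challenge expired")
	}
	if !pc.pub.Equal(pub) {
		return "", errors.New("challenge was issued to a different key")
	}
	if !ed25519.Verify(pub, signedMessage(s.origin, nonce), sig) {
		return "", errors.New("invalid signature")
	}
	return hex.EncodeToString(pub), nil
}

// Client holds the user's key pair; the private key never leaves it.
type Client struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewClient() *Client {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // crypto/rand failing is not something a login flow can recover from
	}
	return &Client{pub: pub, priv: priv}
}

func (c *Client) PublicKey() ed25519.PublicKey { return c.pub }

// ID is the identity as the question defines it: nothing but the public key.
func (c *Client) ID() string { return hex.EncodeToString(c.pub) }

// Answer signs the challenge for the site the user believes it is talking to.
func (c *Client) Answer(origin string, nonce []byte) []byte {
	return ed25519.Sign(c.priv, signedMessage(origin, nonce))
}

func main() {
	srv, cli := NewServer("example.com"), NewClient()
	nonce, _ := srv.Challenge(cli.PublicKey())
	_, err := srv.Login(cli.PublicKey(), nonce, cli.Answer("example.com", nonce))
	fmt.Println("first login error:", err)
	_, err = srv.Login(cli.PublicKey(), nonce, cli.Answer("example.com", nonce))
	fmt.Println("replay error:", err)
}
```

Note that the server holds nothing a thief could reuse: the pending map contains only nonces and public keys, so compromising the site does not let an attacker impersonate its users elsewhere. The origin binding matters because without it a malicious site could take a challenge from a legitimate site, hand it to the user as its own, and forward the resulting signature.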

Identity cards, such as Windows CardSpace, are a good alternative because they are stored on your computer and supported. It can be called technically or

This is different from a centralized identity service like OpenID. The good thing about the OpenID system is that the chance of everyone's identity server going down at once is very small. However, on an individual basis, each user may experience an outage.

Information Cards are a good solution from Microsoft, although they are not very popular.

This is not a new problem: email signatures and encryption have the same private/public key solution. In GPG there are actually key servers where you can post your public key so that people can verify your signature.

If you really want to avoid any possibility of depending on an identity server (a very strict requirement), use CardSpace, or some other private/public key system where the user keeps their own keys and only has to respond to a challenge using some hashing algorithm.

In addition, the CardSpace solution is not strictly Microsoft-only; there are implementations for all operating systems. I believe it is an open standard.

