
Re: [decentralization] a simpler authorization protocol

  • Julian Bond
    Message 1 of 23 , Nov 14, 2004
      Mike Dierken <dierken@...> wrote:
      >I do agree that a system based on unsolicited requests for your
      >attention will devolve into spam at some point.

      There's a social paradox here that systems like Linkedin attempt to
      solve.

      There are a lot of people who:-
      - Want to network and receive unsolicited approaches from people who can
      provide mutual benefit.
      - Don't want to receive spam and want to be able to block unsolicited
      approaches from people who are a PITA.

      What we need for this is systems that allow "arms length" initial
      communication. Something that allows the progressive opening up of
      layers of protection as the relationship deepens. The problem with email
      addresses now seems to be that they are binary. Keep them secret or be
      deluged by spam with nothing in between.

      "True Names" comes to mind here as does all the work on anonymous
      remailers.

      --
      Julian Bond Email&MSM: julian.bond at voidstar.com
      Webmaster: http://www.ecademy.com/
      Personal WebLog: http://www.voidstar.com/
      M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
    • Julian Bond
      Message 2 of 23 , Nov 14, 2004
        Lucas Gonze <lucas@...> wrote:
        >Marc Canter blogs on Sxip:
        >http://marc.blogs.it/archives/2004/11/universal_inter.html
        >...
        >
        >Universal Internet identity system sought for everyone

        SXIP == Passport/Liberty done properly. They deserve to do well.

        However readers of this group might ponder on the issue that SXIP
        depends on a DNS record of the form foo.bar.com.simple.sxip.net. This
        gives them the choke point that would let them make some money. But it's
        not exactly de-centralised.

        I don't want to undermine SXIP when they're just getting going. But I do
        think there may be a way of making this completely distributed. The
        technical problem revolves around cross site cookies being banned.

        --
        Julian Bond Email&MSM: julian.bond at voidstar.com
        Webmaster: http://www.ecademy.com/
        Personal WebLog: http://www.voidstar.com/
        M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
      • Mike Dierken
        Message 3 of 23 , Nov 15, 2004
          >
          > I think that most users have disposable webmail accounts to do about the
          > same thing as a one-shot address. The problem is that they still hate
          > giving those addresses away, so you still lose users over something
          > unimportant.
          You are probably right.

          >
          > What do you do with the POSTs, Mike?
          I send search results to Web destinations like Blogs and such via
          several Web APIs and content formats (WeblogAPI, RSS 0.91, Blogger
          API, Atom API, TrackBack, plain text, simple mod-pubsub, etc).

          I haven't come up with a way to authenticate that the URI specified by
          a user (typically a blog) is actually controlled by that user. I
          probably could look at each API and determine a way to traverse the
          links to find a resource that might be used to host a verification
          token, but there are a lot of potential APIs...

          If you have an account you can view the list here:
          http://www.searchalert.net/searchalert/destinations/add.jsp

          You can see some results at my 'test' blog:
          http://dierken.blogspot.com
        • Mike Dierken
          Message 4 of 23 , Nov 15, 2004
            > What we need for this is systems that allow "arms length" initial
            > communication. Something that allows the progressive opening up of
            > layers of protection as the relationship deepens.
            Interesting. I hadn't seen this put so succinctly before.
          • Mike Dierken
            Message 5 of 23 , Nov 15, 2004
              > But I do think there may be a way of making this completely distributed. The
              > technical problem revolves around cross site cookies being banned.
              Do you mean that the solution involves enabling cross site cookies?
            • Martin Peck
              Message 6 of 23 , Nov 15, 2004
                On Mon, 15 Nov 2004 21:51:11 -0800, Mike Dierken <dierken@...> wrote:
                > > What we need for this is systems that allow "arms length" initial
                > > communication. Something that allows the progressive opening up of
                > > layers of protection as the relationship deepens.
                > Interesting. I hadn't seen this put so succinctly before.

                Iterative deepening is a wonderful technique to use in distributed and
                decentralized systems. It can provide a robust form of implicit
                feedback and allows the end user to determine the depth of
                communication desired.

                As for single sign on (Sxip), I only see this working for homogeneous
                security domains. The likelihood of a system being used for on line
                banking as well as weblog comment posting is almost zero.

                Regards,
              • Julian Bond
                Message 7 of 23 , Nov 15, 2004
                  Mike Dierken <dierken@...> wrote:
                  >> But I do think there may be a way of making this completely distributed. The
                  >> technical problem revolves around cross site cookies being banned.
                  >Do you mean that the solution involves enabling cross site cookies?

                  Maybe. The problem is identifying in the browser where the home site
                  profile and authentication is held. There's really only three solutions.
                  - Ask the user. ie Drupal's remote auth
                  - Display an image provided by the home site. ie Passport signin button
                  - Use a common domain that both home site and member site recognise. ie
                  xxx.sxip.net

                  To completely decentralise this, you need any site to be able to put a
                  button on a login or account creation form that says "Get Auth from your
                  home site" without prior knowledge of where the home site is or prior
                  relationship between the home site and member site. And for the browser
                  to then start the redirection process based on information it's already
                  got. There's clearly some tricky trust issues here about prior
                  federation of authentication between the sites.

                  All of this stuff and patterns for dealing with it have been worked out
                  and documented by the Liberty group. It's just that their focus is on
                  looking at the relationship between say Amex and Fedex. Whereas mine is
                  between Wordpress and Slashdot.

                  But it does all become easier if there's at least one central party. My
                  Wordpress site could use SXIP in the knowledge that any profile and auth
                  home site had been authenticated by them and was reasonably trustworthy.

                  This is one extra layer of indirection from saying "get the auth and
                  profile from Typekey". Now we're saying something like "get the auth and
                  profile from any Typekey like service known to SXIP". The question is
                  whether we can get to "get the auth and profile from any Typekey like
                  service".

                  --
                  Julian Bond Email&MSM: julian.bond at voidstar.com
                  Webmaster: http://www.ecademy.com/
                  Personal WebLog: http://www.voidstar.com/
                  M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
                • Lucas Gonze
                  Message 8 of 23 , Nov 15, 2004
                    On Mon, 15 Nov 2004, Martin Peck wrote:

                    >
                    > On Mon, 15 Nov 2004 21:51:11 -0800, Mike Dierken <dierken@...> wrote:
                    >>> What we need for this is systems that allow "arms length" initial
                    >>> communication. Something that allows the progressive opening up of
                    >>> layers of protection as the relationship deepens.
                    >> Interesting. I hadn't seen this put so succinctly before.
                    >
                    > Iterative deepening is a wonderful technique to use in distributed and
                    > decentralized systems. It can provide a robust form of implicit
                    > feedback and allows the end user to determine the depth of
                    > communication desired.

                    Are there systems that use it which I can look at, Martin? I'm having a
                    hard time picturing what it would look like in practice.

                    - Lucas
                  • Julian Bond
                    Message 9 of 23 , Nov 16, 2004
                      Martin Peck <coderman@...> wrote:
                      >As for single sign on (Sxip), I only see this working for homogeneous
                      >security domains. The likelihood of a system being used for on line
                      >banking as well as weblog comment posting is almost zero.

                      Agreed. But while lots of work is being done in the B2B area the only
                      people I'm aware of working at the weblog end, and with something
                      demonstrable is SXIP. The thing is Passport has failed, Liberty is aimed
                      at B2B. Which means there's a chance for a properly architected bottom
                      up solution to become the standard. If it's built right there's no
                      telling how high up the ladder it could go.

                      This is a pretty boring area ;-) but at the weblog end, comments spam is
                      a problem we all have *right now*. And the spammers and scammers are
                      getting more inventive and prepared to do work. It's not at all unusual
                      now for a scammer to go through the whole signon process, wait a week
                      and then use the system's internal processes to start sending the
                      message.

                      We're seeing each major blog platform introduce its own centralised
                      authentication to try and deal with this. So in order to leave a comment
                      I have to have a Blogger, Typekey, Userland, etc etc account depending
                      on where the blog is located. I'd much rather just say "My authenticated
                      home account is at Ecademy, use that" and with no changes to any of the
                      systems, you should be able to say "My authenticated home account is at
                      TuCows, use that".

                      --
                      Julian Bond Email&MSM: julian.bond at voidstar.com
                      Webmaster: http://www.ecademy.com/
                      Personal WebLog: http://www.voidstar.com/
                      M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
                    • Lucas Gonze
                      Message 10 of 23 , Nov 16, 2004
                        On Tue, 16 Nov 2004, Julian Bond wrote:
                        > Martin Peck <coderman@...> wrote:
                        >> As for single sign on (Sxip), I only see this working for homogeneous
                        >> security domains. The likelihood of a system being used for on line
                        >> banking as well as weblog comment posting is almost zero.
                        >
                        > Agreed. But while lots of work is being done in the B2B area the only
                        > people I'm aware of working at the weblog end, and with something
                        > demonstrable is SXIP. The thing is Passport has failed, Liberty is aimed
                        > at B2B. Which means there's a chance for a properly architected bottom
                        > up solution to become the standard. If it's built right there's no
                        > telling how high up the ladder it could go.
                        >
                        > This is a pretty boring area ;-) but at the weblog end, comments spam is
                        > a problem we all have *right now*.

                        Ok, then say there is an authentication system. How does that help with
                        comment spam? I don't mean to troll, but I've been thinking about it and
                        can't see a way short of fairly heavyweight web of trust things.

                        - Lucas
                      • Julian Bond
                        Message 11 of 23 , Nov 16, 2004
                          Lucas Gonze <lucas@...> wrote:
                          >Ok, then say there is an authentication system. How does that help with
                          >comment spam? I don't mean to troll, but I've been thinking about it and
                          >can't see a way short of fairly heavyweight web of trust things.

                          The short answer is I don't know! But here's a proposal.
                          - You can't rely on pre-verification, so all you can do is kill it
                          quickly.
                          - Combine the ideas in Razor, single signon and the Orkut Jail
                          - It's easier if there is a central Rootsite tracking GUPIs (to use SXIP
                          terminology)

                          So allow any single signon authenticated person to report an example of
                          comments spam. Put the accused in jail where their single signon stops
                          working for a week. Report the event to the Homesite. Automatically
                          release them at the end of the week. After three strikes disable that
                          GUPI completely.

                          --
                          Julian Bond Email&MSM: julian.bond at voidstar.com
                          Webmaster: http://www.ecademy.com/
                          Personal WebLog: http://www.voidstar.com/
                          M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433
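
The jail proposal in the message above, written out as a small state machine. This is an added example, not part of the original post and not SXIP code; the `Rootsite` class, its method names, the GUPI strings and the rule that reports made during a jail term add no strike are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

JAIL_TERM = timedelta(weeks=1)   # "single signon stops working for a week"
MAX_STRIKES = 3                  # "after three strikes disable that GUPI"


@dataclass
class Standing:
    strikes: int = 0
    jailed_until: Optional[datetime] = None
    disabled: bool = False


class Rootsite:
    """Hypothetical central tracker of GUPIs (assumed interface)."""

    def __init__(self) -> None:
        self.standing: Dict[str, Standing] = {}
        # (homesite, gupi, event) tuples: the "report the event to the Homesite" step
        self.notices: List[Tuple[str, str, str]] = []

    def _get(self, gupi: str) -> Standing:
        return self.standing.setdefault(gupi, Standing())

    def can_sign_on(self, gupi: str, now: datetime) -> bool:
        s = self._get(gupi)
        if s.disabled:
            return False
        # Automatic release: the jail term simply expires.
        return s.jailed_until is None or now >= s.jailed_until

    def report_spam(self, reporter: str, accused: str,
                    homesite: str, now: datetime) -> str:
        # Only a GUPI whose own single sign-on currently works may report.
        if reporter == accused or not self.can_sign_on(reporter, now):
            return "rejected"
        s = self._get(accused)
        if s.disabled:
            return "already-disabled"
        if not self.can_sign_on(accused, now):
            # Assumption: a report during a jail term concerns the same
            # incident and does not count as a further strike.
            return "already-jailed"
        s.strikes += 1
        if s.strikes >= MAX_STRIKES:
            s.disabled = True
            event = "disabled"
        else:
            s.jailed_until = now + JAIL_TERM
            event = "jailed"
        self.notices.append((homesite, accused, event))
        return event


def demo():
    """Constructed timeline: three reports against one GUPI."""
    root, t0, day = Rootsite(), datetime(2004, 11, 16), timedelta(days=1)
    home = "home.example"  # constructed Homesite name
    out = [
        root.report_spam("gupi:alice", "gupi:mallory", home, t0),
        root.can_sign_on("gupi:mallory", t0 + 3 * day),
        root.report_spam("gupi:bob", "gupi:mallory", home, t0 + 3 * day),
        root.can_sign_on("gupi:mallory", t0 + 7 * day),
        root.report_spam("gupi:bob", "gupi:mallory", home, t0 + 8 * day),
        root.report_spam("gupi:mallory", "gupi:alice", home, t0 + 9 * day),
        root.report_spam("gupi:alice", "gupi:mallory", home, t0 + 20 * day),
        root.can_sign_on("gupi:mallory", t0 + 400 * day),
    ]
    return out, root.notices


if __name__ == "__main__":
    print(demo())
```
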
                        • Julien Couvreur
                          Message 12 of 23 , Nov 16, 2004
                            Julian Bond [julian_bond@...] wrote:
                            > SXIP == Passport/Liberty done properly. They deserve to do well.

                            Without going into the implementation details (whether browsers can
                            copy cookies from domain to domain, etc.) I think one problem with all
                            federated authentications is trust.

                            (quote from http://blog.monstuff.com/archives/000173.html)
                            "Ben seems to think that a federated system is definitely better than
                            a centralized one. I think there are obvious advantages like allowing
                            interop, competition and enhanced network effect, but also the
                            difficulties with federation go beyond the simple challenge of sending
                            the user to the appropriate authentication provider when he needs to
                            sign in.

                            The real problem is with the service that is going to consume the
                            identity assertion. Which identities/providers/realms should it trust?
                            You wouldn't let any "bank" join the VISA network, would you?
                            Or if you are Paypal, would you choose to support user accounts
                            provided by Passport, TypeKey or both? What is the risk you are taking
                            by integrating TypeKey into your business? If TypeKey is found to have
                            a security hole, how confident are you that it'll be handled to your
                            satisfaction?

                            But we can assume that building a business is not the goal here, only
                            to offer single sign-on to community sites and help fight comment
                            spam...

                            Still, spammers could start creating hundreds of authentication
                            services, or hacking into some competitors (that aren't as well
                            administered/secured as TypeKey might be) to create spam accounts or
                            hijack legit accounts. As a consumer of identity assertions you still
                            care about the issuer of these."


                            I am starting to think that the solution is going to require some
                            browser changes and will resemble PKI certs. A user will hold
                            "capabilities" (see http://www.erights.org/ ) or handles for the
                            various distributed resources that he can access, will store them
                            either locally (USB, smartcard), a website or in a
                            replicated/private/P2P folder.

                            For example, you would have a capability representing your Amazon
                            account and a capability to your bank account. When you go to Amazon,
                            if you need to authenticate (to get access to your shopping cart),
                            Amazon, your browser, your capability storage and yourself will work
                            together to provide the "amazon account" capability to your browsing
                            session.
                            There is still the problem that you need to fill some data for Amazon
                            registration. Maybe your browser needs to cooperate with Amazon and
                            your data store again, or maybe Amazon can take a capability to a
                            "profile provider service".

                            Capabilities can be combined and restricted in many ways. For example,
                            the "visa credit card" capability could be used to generate an "amazon
                            only, 100$ max debit, unlimited credit, revocable, 24h duration"
                            capability. Amazon would only trust visa credit card capabilities from
                            some sources.
                            Similarly, a capability to your profile could restrict which pieces of
                            information are shared.

                            The browser needs to be modified to make these scenarios as simple as
                            possible. Also, some taxonomy and semantics need to be defined, so
                            that Amazon can express the capabilities that it needs and can
                            negotiate with the user or any automated agent representing the user.

                            What do you think?
                            Julien
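
The restricted "amazon only, 100$ max debit, revocable, 24h duration" capability described in the message above, sketched with chained HMACs so the holder can narrow a capability without the issuer's key. This is an added example, not part of the original post and not an erights.org API; the HMAC chain is a swapped-in technique (in the style of macaroons), and the caveat syntax, the `grant` label, the key and all names are assumptions. The merchant is assumed to forward the capability to the issuer for checking.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Set, Tuple


def mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def holds(caveat: str, request: Dict[str, object]) -> bool:
    """Evaluate one 'name op value' caveat against a request; fail closed."""
    try:
        name, op, value = caveat.split(" ", 2)
        actual = request[name]
        if op == "=":
            return str(actual) == value
        if op == "<=":
            return float(actual) <= float(value)   # checked per request
        if op == "<":
            return float(actual) < float(value)
    except (KeyError, ValueError, TypeError):
        pass
    return False  # unknown or malformed caveats deny


@dataclass(frozen=True)
class Capability:
    ident: str                 # the resource this handle names
    caveats: Tuple[str, ...]   # restrictions, only ever appended
    sig: bytes                 # HMAC chain over ident and every caveat

    def restrict(self, caveat: str) -> "Capability":
        # Holder-side attenuation: uses the current signature as the key,
        # so it needs no secret and cannot be undone by the recipient.
        return Capability(self.ident, self.caveats + (caveat,),
                          mac(self.sig, caveat))


class Issuer:
    def __init__(self, root_key: bytes) -> None:
        self._key = root_key
        self.revoked: Set[str] = set()   # revoked "grant = ..." labels

    def mint(self, ident: str) -> Capability:
        return Capability(ident, (), mac(self._key, ident))

    def authorize(self, cap: Capability, request: Dict[str, object]) -> bool:
        sig = mac(self._key, cap.ident)
        for c in cap.caveats:
            sig = mac(sig, c)
        if not hmac.compare_digest(sig, cap.sig):
            return False                 # caveat removed, edited or forged
        for c in cap.caveats:
            if c.startswith("grant = "):
                if c in self.revoked:    # revokes this grant and descendants
                    return False
            elif not holds(c, request):
                return False
        return True


def demo() -> Dict[str, bool]:
    visa = Issuer(b"constructed-demo-root-key")
    card = visa.mint("card:julien")
    t0 = 1_100_000_000                   # constructed timestamp
    cap = (card.restrict("grant = g-001").restrict("merchant = amazon")
               .restrict("debit <= 100").restrict(f"time < {t0 + 86400}"))
    req = {"merchant": "amazon", "debit": 40, "time": t0 + 60}
    stripped = Capability(cap.ident, cap.caveats[:2], cap.sig)
    out = {
        "ok": visa.authorize(cap, req),
        "over_limit": visa.authorize(cap, {**req, "debit": 250}),
        "other_merchant": visa.authorize(cap, {**req, "merchant": "other"}),
        "expired": visa.authorize(cap, {**req, "time": t0 + 90000}),
        "caveats_stripped": visa.authorize(stripped, {**req, "debit": 250}),
    }
    visa.revoked.add("grant = g-001")
    out["after_revoke"] = visa.authorize(cap, req)
    out["parent_still_valid"] = visa.authorize(card, {**req, "debit": 250})
    return out


if __name__ == "__main__":
    print(demo())
```
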
                          • Martin Peck
                            Message 13 of 23 , Nov 17, 2004
                              On Mon, 15 Nov 2004 21:46:27 -1000 (HST), Lucas Gonze <lucas@...> wrote:
                              > On Mon, 15 Nov 2004, Martin Peck wrote:
                              > > Iterative deepening is a wonderful technique ...
                              >
                              > Are there systems that use it which I can look at, Martin? I'm having a
                              > hard time picturing what it would look like in practice.

                              Hi Lucas,

                              I should clarify that I meant iterative deepening in a more general
                              sense (iterative refinement?) than just the traditional IDA* concept.

                              As a general case (progressively expanding / narrowing a search or
                              increasing detail in user interactions) this is useful for a few
                              reasons:

                              - It is directed by the user so early halt / termination of a query is
                              possible. For distributed systems this can greatly improve network
                              efficiency.

                              - It provides an implicit feedback mechanism that can indicate
                              relevance / interest.

                              Some examples include the ability for some p2p clients to "expand"
                              search from the super peers they are directly connected to more
                              remote nodes via forwarded queries. mlDonkey is one client which
                              supports this for example.

                              In the case of implicit feedback the act of a user iterating through
                              pages / sites / files can indicate relevance (if the resource was
                              provided by a query) or the opposite if they quickly close / delete /
                              ignore the result.

                              One example I remember reading about (can't find the link) was an
                              experiment where search results returned some very high level blurbs
                              about relevant text documents or thumbnail images. As the user
                              selected from a given set of results to obtain a detailed paragraph
                              about the document or an image gallery the results were adjusted to
                              use the selections as relevant for further refinement and placed less
                              emphasis on the other results. They could continue another one or two
                              layers of detail with the full resource (entire text / photo
                              collection / etc) returned.

                              In addition to improving the results for a particular user, the
                              actions of all users were tracked and used to determine what resources
                              were more generally relevant. These results were then displayed /
                              presented more prominently given the higher likelihood they would be
                              useful.

                              Hope that makes sense. I'll try to find some papers / projects which
                              do a better job explaining this technique and apply to real world
                              problems like query routing and recommender systems.

                              Regards,
                            • Julian Bond
                              Message 14 of 23 , Nov 17, 2004
                                Julien Couvreur <julien.couvreur@...> wrote:
                                >But we can assume that building a business is not the goal here, only
                                >to offer single sign-on to community sites and help fight comment
                                >spam...

                                I'm SXIP intend their service to be a business. But you're right, I'm
                                interested in bottom up systems to provide single sign-on, identity and
                                authentication for small private websites not just large corporate ones.

                                >Still, spammers could start creating hundreds of authentication
                                >services, or hacking into some competitors (that aren't as well
                                >administered/secured as TypeKey might be) to create spam accounts or
                                >hijack legit accounts. As a consumer of identity assertions you still
                                >care about the issuer of these."

                                In the spirit of de-centralization, maybe everyone should be able to run
                                their own identity and authentication server. Not tens or hundreds but
                                millions. This sounds impossible and far fetched. But my blog is already
                                my identity server. It just can't provide that identity in a structured
                                way.

                                --
                                Julian Bond Email&MSM: julian.bond at voidstar.com
                                Webmaster: http://www.ecademy.com/
                                Personal WebLog: http://www.voidstar.com/
                                M: +44 (0)77 5907 2173 T: +44 (0)192 0412 433