parkert at uclink.berkeley.edu
Mon Oct 13 18:42:51 UTC 2003
In our last episode Julian Bond said:
:I keep worrying at Single Sign On. My thought is to extend the Drupal
:scheme and make it a little more generic. See
:http://www.voidstar.com/sea/ for details.
I have concerns about the Drupal model of sigle sign on with respect to
the security model. It seems like with many projects in this area the
emphasis has been on getting a working product out the door, and I don't
necessarily think that's a bad thing. It's good to get early adoptors
creating momentum, but soon there will need to be better tools for
controlling private information (or rather access to it).
With respet to authentication, I myself am partial to the Liberty Alliance
model (federated autentication), and would be interested in working with
some folks to build a nice API that FOAFsters (et al) could use.
:The link to FOAF is the possibility of using FOAF as a serialization of
:profile information being passed between systems requiring sign on.
Indeed, I also see FOAF as the lingua franca (sp) for this sort of thing.
The trick then is deciding who gets what parts of our foaf profile from
that single source.
I'm curious if anyone has been thinking about systems for distributing
FOAF info dynamically, i.e. creating software that acts as an agent,
handing out different FOAF based on the consumer. It seems to me that
this is necessary before you can use a single FOAF source for everything
from shopping on Amazon to chatting on AOL (since you might not want to
give anyone you chat with your credit card #).
School of Information Management and Systems
University of California, Berkeley
More information about the foaf-dev