On 5/23/19 10:24 AM, stan via devel wrote:
> On Mon, 20 May 2019 14:33:57 -0400
> Przemek Klosowski via devel <devel@lists.fedoraproject.org> wrote:
>> Right, but it's just a stepping stone to a world with universal
>> authentication, and granular authorization based on credentials from
>> that universal authentication.
> I hope that world never arrives.  That would be absolutely terrible for
> privacy.

Well, I am all for privacy as well. Here, however, we're talking about our activity in the open forum: our hobbies or jobs. Right now, to use my favorite analogy, we treat our computer accounts as pets---but the technology results in so many of them that we need to learn to treat them as cattle. I DO want to federate all (or at least most) of my computer accounts under my 'official' identity. If I wanted to keep my crocheting activities hidden from the world at large, I should still be able to create a separate identity.


> And if, heaven forbid, the universal authentication became
> compromised, it would destroy an individual.

The single authentication does not have to be a single point of failure: access to individual resources could still be gated by per-resource passwords or other secret identifiers. This is all still in flux: nobody knows how to do it correctly in a way that is both secure and convenient---maybe it'll take some sort of hardware security tokens like Yubico or RSA, or maybe software credential stores that use built-in security mechanisms like TPM and/or ARM TrustZone.

The current situation of completely separate authentication schemes is unsustainable, and has to change into some more-like-herding-cattle scheme.