We have been discussing something like this over here too, as well as exploring 
more esoteric blockchain+signature-based "SSO" implementations as discussed by 
John Light and others.

One of our long-term ambitions with Hive is to provide a (mostly) 
user-transparent, decentralized authentication service. It sounds like our 
infrastructure could already handle a Persona implementation, and we very much 
want to get behind some forward-thinking standard. So as long as the plan _IS_ 
to remove said 'centralized struts' at the appropriate time, I'd say we're 
interested in exploring this further.

-wendell

grabhive.com | twitter.com/grabhive | gpg: 6C0C9411

On Aug 9, 2013, at 1:43 PM, Mike Hearn wrote:

> This is just me making notes for myself, I'm not seriously suggesting this be 
> implemented any time soon.
> 
> Mozilla Persona is an infrastructure for web based single sign on. It works 
> by having email providers sign temporary certificates for their users, whose 
> browsers then sign server-provided challenges to prove their email address.
> 
> Because an SSO system is a classic chicken/egg setup, they run various 
> fallback services that allow anyone with an email address to take part. They 
> also integrate with the Google/Yahoo SSO systems as well. The intention being 
> that they do this until Persona becomes big enough to matter, and then they 
> can remove the centralised struts and the system becomes transparently 
> decentralised.
> 
> In other words, they seem to do a lot of things right.
> 
> Of course you can already sign payments using an X.509 cert issued to an 
> email address with v1 of the payment protocol, so technically no new PKI is 
> needed. But the benefit of leveraging Persona would be convenience - you can 
> get yourself a Persona cert and use it to sign in to websites with a single 
> click, and the user experience is smart and professional. CAs in contrast are 
> designed for web site admins really so the experience of getting a cert for 
> an email address is rather variable and more heavyweight.
> 
> Unfortunately Persona does not use X.509. It uses a custom thing based on 
> JSON. However, under the hood it's just assertions signed by RSA keys, so an 
> implementation is likely to be quite easy. From the user's perspective, their 
> wallet app would embed a browser and drive it as if it were signing into a 
> website, but stop after the user is signed into Persona and a user cert has 
> been provisioned. It can then sign payment requests automatically. For many 
> users, it'd be just one click, which is pretty neat.
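
The chain described in the quoted message (an email provider signs a short-lived certificate for the user's key, and that key signs the server's challenge), as an added example that is not part of the original thread and not Persona's own code. The document layout, the field names (`email`, `exp`, `userKey`, `aud`, `challenge`) and the sample addresses are assumptions made for the illustration, not the BrowserID wire format.

```javascript
const nodeCrypto = require('node:crypto');

// Sign a JSON payload with an RSA key; returns "<base64url body>.<base64url sig>".
function signDoc(payload, privateKey) {
  const body = Buffer.from(JSON.stringify(payload)).toString('base64url');
  const sig = nodeCrypto.sign('sha256', Buffer.from(body), privateKey);
  return `${body}.${sig.toString('base64url')}`;
}

// Return the payload if the signature verifies under publicKey, else null.
function openDoc(doc, publicKey) {
  const [body, sig] = String(doc).split('.');
  if (!body || !sig) return null;
  const ok = nodeCrypto.verify('sha256', Buffer.from(body), publicKey, Buffer.from(sig, 'base64url'));
  return ok ? JSON.parse(Buffer.from(body, 'base64url').toString()) : null;
}

// Relying-party check: provider key -> user certificate -> signed challenge.
function verifyLogin(cert, assertion, providerPub, expect, now) {
  const c = openDoc(cert, providerPub);
  if (!c) return 'bad certificate signature';
  if (now >= c.exp) return 'certificate expired';
  if (!String(c.email).endsWith('@' + expect.domain)) return 'provider not authoritative';
  const a = openDoc(assertion, nodeCrypto.createPublicKey(c.userKey));
  if (!a) return 'bad assertion signature';
  if (a.aud !== expect.audience) return 'wrong audience';
  if (a.challenge !== expect.challenge) return 'challenge mismatch';
  return 'ok:' + c.email;
}

// Constructed sample run: keys, addresses and URLs are made up for the example.
function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const provider = gen(), user = gen(), now = 1000000;
  const userKey = user.publicKey.export({ type: 'spki', format: 'pem' });
  const cert = signDoc({ email: 'alice@example.org', exp: now + 3600, userKey }, provider.privateKey);
  const selfCert = signDoc({ email: 'alice@example.org', exp: now + 3600, userKey }, user.privateKey);
  const expect = { domain: 'example.org', audience: 'https://shop.example', challenge: 'n-4821' };
  const assertion = signDoc({ aud: expect.audience, challenge: expect.challenge }, user.privateKey);
  return {
    good: verifyLogin(cert, assertion, provider.publicKey, expect, now),
    expired: verifyLogin(cert, assertion, provider.publicKey, expect, now + 7200),
    otherSite: verifyLogin(cert, assertion, provider.publicKey, { ...expect, audience: 'https://other.example' }, now),
    selfSigned: verifyLogin(selfCert, assertion, provider.publicKey, expect, now),
  };
}

console.log(demo());
```

The verifier only needs the provider's public key; the user's key is trusted solely because the provider's signature covers it, which is why the certificate expiry and audience checks matter as much as the two signature checks.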

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
