OpenID Providers Invited to Join in an NSTIC Pilot Proposal

NSTIC has announced funding for pilot projects. Preliminary proposals are due by March 7 and full proposals by April 23. There will be a proposer’s conference on February 15, which will be webcast live.

We are planning to submit a proposal and are inviting OpenID identity providers to join us. The proposed pilot will demonstrate a completely password-free method of user authentication where the relying party is an ordinary OpenID relying party. The identity provider will issue a public key certificate to the user, and later use it to authenticate the user upon redirection from the relying party. The relying party will not see the certificate. Since the certificate will be verified by the same party that issued it, there will be no need for certificate revocation lists. Certificate issuance will be automatic, using an extension of the HTML5 keygen mechanism that Pomcor will implement on an extension of the open source Firefox browser.

There will be two privacy features:

  1. The identity provider will supply different identifiers to different relying parties, as in the ICAM OpenID 2.0 Profile.
  2. Before authenticating the user, the identity provider will inform the user of the value of the DNT (Do Not Track) header sent by the browser, and will not track the user if the value of the header is 1.

The identity provider will:

  1. Implement a facility for issuing certificates to users, taking advantage of the keygen element of HTML5. The identity provider will obtain a public key from keygen, create a certificate that binds the public key to the user’s local identity, and download the certificate in an ad-hoc HTTP header. Pomcor will supply a Firefox extension that will import the certificate automatically.
  2. Use the certificate to authenticate the user upon redirection from the relying party. The browser will submit the certificate as a TLS client certificate. The mod_ssl module of Apache supports the use of a client certificate and makes data from the certificate available to high-level server-side programming environments such as PHP via environment variables.
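The identity provider's side of step 2, together with the two privacy features, as an added sketch that is not code from the original post or from Pomcor. It assumes Apache passes the mod_ssl variables `SSL_CLIENT_VERIFY` and `SSL_CLIENT_M_SERIAL` and the `DNT` header (as `HTTP_DNT`) to the application; the issued-certificate table, the HMAC derivation of per-relying-party identifiers, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: the IdP's own record of the certificates it issued.
# Issuer and verifier are the same party, so deactivating a row here takes the
# place of publishing a certificate revocation list.
ISSUED_CERTS = {
    "01A4": {"local_id": "alice", "active": True},
    "01A5": {"local_id": "bob", "active": False},  # withdrawn by the IdP
}
PAIRWISE_KEY = b"constructed-demo-secret"  # assumption: secret held only by the IdP


def pairwise_identifier(local_id, realm):
    """Derive a different identifier per relying party (assumed construction)."""
    msg = realm.encode() + b"\x00" + local_id.encode()
    return hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()


def authenticate(environ, realm):
    """Return an assertion dict, or None if the client certificate is rejected."""
    # mod_ssl reports SUCCESS only when the chain validated against the
    # configured CA, assumed here to be the IdP's own issuing CA.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    record = ISSUED_CERTS.get(environ.get("SSL_CLIENT_M_SERIAL", ""))
    if record is None or not record["active"]:
        return None
    dnt = environ.get("HTTP_DNT")
    return {
        # The relying party receives only this identifier, never the certificate.
        "claimed_id": pairwise_identifier(record["local_id"], realm),
        "dnt_value": dnt,           # shown to the user before authenticating
        "may_track": dnt != "1",    # no tracking when the browser sent DNT: 1
    }
```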

For additional information you may write to us using the contact page of this site.

