Eddy Nigg wrote, On 2009-03-22 02:57:
> [...] client certificates AND OpenID are a great combination. We don't
> sell it, it's free.
>
> OpenID is a digital identity and eliminates the need for multiple
> usernames across different websites. For authentication at the provider
> side we use client certificates for authentication. This makes it a very
> secure combination. Some more information is also available here:
> https://www.startssl.com/?app=14
>
> Now, client certificates can be used at any site for authentication
> purposes, but OpenID has other advantages (including shifting the
> responsibility to a centralized location). This doesn't mean the client
> certs can't be used - quite the opposite, we are using it for
> authentication. Does this make sense?

I think you're saying that OpenID provides a centralized single space of User IDs (user names, if you will), and your certs may be used as a strong method of authenticating the user to a server as the true holder of such an ID. Is that it?

A unified user ID space might go a long way to help make client certs more universally acceptable, which in turn might make them more desirable. So this does sound like an intriguing combination.

How does that work (for the user)? If I were to get an OpenID, how would I get a cert from your CA that certified me as the holder of that ID? Or do I have it wrong?

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto