(2004-04-01) Sigler Simpleid

Eric Sigler's Simple Id Digital Identity idea - So, the plan? Have the owner of a page put a tag in that says what entity they trust to handle their identity for them. Then have a set of best practices and rules of the road for how to flow small amounts of data back and forth. Finally, have two new pieces of software: a "Client" that is the one who is trying to figure out the identity involved, and a "Service Provider" that is the keeper of the info. The client and the server are simple ReST-ian CGI scripts most likely, and follow the practices set forth earlier... Simple I D is currently more identification than authentication (indeed, a complicated auto fill. But at least it can pull from data that I maintain, and isn't tied to my browser trying to be smart). What you're asking is how a client can trust that a SP is legit. That isn't covered yet, mostly because I'm still trying to figure out a lightweight way of doing it.