Paul Crowley (ciphergoth) wrote in suggestions,
Paul Crowley

Export authentication to foreign websites

Export authentication to foreign websites

Short, concise description of the idea
A mechanism should be available for websites not associated with LiveJournal to allow visitors to authenticate themselves as specific LJ users

Full description of the idea
Please read this slowly, it's hard to explain clearly!

The LiveJournal Valentines System allowed LJ users to send valentines to each other in such a way that unrequited valentines were never sent. Obviously it had to make sure that someone claiming to be ciphergoth really was that user. To do this, it sent an authentication code to the email address on my "User Info" page. This works, but it's clunky and works only for users who advertise a correct, non-spam-trapped email address.

It would be good if LJ could provide a general, efficient, secure mechanism for doing this. In other words, provide a way for me to prove to some arbitrary website, like one run by my friend skx, that I am the LJ user ciphergoth, without giving away eg my password information.

An ordered list of benefits

  • I can authenticate some resource away from LJ as belonging to some LJ user
  • I can extend trust to an LJ users presence outside LJ

An ordered list of problems/issues involved

  • The design of the protocol would be an interesting and challenging exercise. I'm a cryptographer, so it's the sort of thing I'd find entertaining. I'm only posting here to see if it's felt that this would be an OK thing for LJ to do; if there's support for the idea, I'll come back with a more detailed proposal.

An organized list, or a few short paragraphs detailing suggestions for implementation

  • If there's support for the idea, I'll design a detailed protocol proposal and put it on my web pages. It's complex, because there are three parties involved in the protocol: the LJ user, the LJ servers, and the foreign website. It's also complex because browsers have pretty limited (and varying) capabilities, and because we want to impose minimal load on the LJ servers while keeping it all secure. It's complex because cookies are tricky buggers...
  • </li> </a>
Tags: openid, § implemented
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded