Export authentication to foreign websites
Short, concise description of the idea
A mechanism should be available for websites not associated with LiveJournal to allow visitors to authenticate themselves as specific LJ users
Full description of the idea
Please read this slowly, it's hard to explain clearly!
The LiveJournal Valentines System allowed LJ users to send valentines to each other in such a way that unrequited valentines were never sent. Obviously it had to make sure that someone claiming to be ciphergoth really was that user. To do this, it sent an authentication code to the email address on my "User Info" page. This works, but it's clunky and works only for users who advertise a correct, non-spam-trapped email address.
It would be good if LJ could provide a general, efficient, secure mechanism for doing this. In other words, provide a way for me to prove to some arbitrary website, like one run by my friend skx, that I am the LJ user ciphergoth, without giving away eg my password information.
An ordered list of benefits
- I can authenticate some resource away from LJ as belonging to some LJ user
- I can extend trust to an LJ users presence outside LJ
An ordered list of problems/issues involved
- The design of the protocol would be an interesting and challenging exercise. I'm a cryptographer, so it's the sort of thing I'd find entertaining. I'm only posting here to see if it's felt that this would be an OK thing for LJ to do; if there's support for the idea, I'll come back with a more detailed proposal.
An organized list, or a few short paragraphs detailing suggestions for implementation