On Mon, 28 Jul 2003, Joshua Koenig wrote:
> >>> We talked about this with Zephyr, and the deal is - if DFA run > >>> Deanster > >>> then it cannot handle Authentication for the Nodes or they would have > >>> to > >>> be vetted by DFA (ie official) so I don't think this is possible. > >> > >> What about the opposite direction? Can unofficial nodes act as > >> single-signons for Deanster? All this implies is that Deanster will > >> trust an external source for identity validation, a necessary > >> component > >> of any distributed identity framework. To put it another way, how is > >> this different from Deanster accepting MS Passport validation? > > > > I don't see any problem with the opposite direction. THere shouldnt be > > any bad implications of Deanster using trusted node logins that I can > > think of. The issue with nodes using Deanster logins is that - if the > > nodes authentication is "controlled" by "official" DFA services, then > > the > > nodes must become official / vetted as well. This make sense? > > It does make some sense. I think it's a little over-cautious (e.g. MS > doesn't have to "endorse" every site that wants to use Passport) but > it's not that big a deal. Having it work by allowing local Nodes to be > trusted sources for identity is probably better anyway. More of a > foundation for distributed architecture. Agreed on all counts ;) -Zack > cheers > -josh >