On Jun 6, 2012, at 11:14 PM, Aaron C. de Bruyn wrote:

> On Wed, Jun 6, 2012 at 8:34 PM, Jimmy Hess <[email protected]> wrote:
>> Which digital id architecture should web sites implement, and what's
>> going to make them all agree on one SSO system and move from the
>> current state to one of the possible solutions though? :)
>>
>> A TLS + Client-Side X.509 Certificate for every user.
>
> Heck no to X.509. We'd run into the same issue we have right now--a
> select group of companies charging users to prove their identity.
>

Not if enough of us get behind CACERT. Non-profit organization providing free certificates based on web of trust model.

http://www.cacert.org

For any of you in the bay area and/or who encounter me in my various travels, I am a CACERT top-level notary.

Personally, I like the SSH model and simply giving the web-site your public key at sign-up, but, there are issues with that as well... If your private key is compromised, how do you notify all of the web-sites that it needs to be revoked?

Owen

