On 8/22/07, Lemon Obrien <[EMAIL PROTECTED]> wrote: > why would anyonw want to deal with decentralized-login, IMHO, is > bs.
In the scenario where it is desirable for a system to be completely controlled by one entity, I'd agree; centralized login is very tempting -- both because it is technically simplistic, but more importantly because of control issues: billing your users, being able to revoke access, etc. But I think decentralized login is a fascinating problem. We've already seen workable semi-decentralized solutions for this in the form of email (a system in which the servers are completely decentralized, if not the end users) and Internet access (each ISP has its own centralized authentication method, but collectively access is distributed among nearly countless "login providers"). And flawed as it may be, OpenID is a noble and interesting effort. I'd add that self-certifying identifiers, where nodes can be positively identified (if not users) is also a very viable solution. This is the route we're taking in flŭd. You have to deal with sybil attack scenarios where there is no provably airtight solution (in /neither/ centralized nor decentralized systems), but for which very promising approaches that seem extremely practical can be applied. Alen _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
