Designing a Strong Authentication Protocol for OpenID in Realty Applications


Work in Progress.

Topic

In Tying FOAF identity with the identity semantics of OpenID – v2.7 we discussed how the conceptual model of FOAF could augment the notions of identity present in OpenID Auth 2.0. We extend that discussion in this memo by addressing the question: can we apply SPARQL, FOAF and WOT to assure the asymmetric keys used to strongly authenticate an OP identity? We propose a solution to several problems that we view as characterizing the current lack of strong authentication in OpenID protocols. We outline a study of how each solution element addresses a need in a realty application of OpenID, and state why the solution to each problem is a proper security requirement for any realty infrastructure adopting OpenID.

Background Material

[For each core technology, provide a précis of the major components. Bias the presentation towards the elements that we will actually leverage.]

OpenID

SemWeb

FOAF

WOT

SPARQL

Introductory Ideas

[State the main problem – OpenID lacks strong authentication. There is insufficient protocol to gauge assurance, in general.]

State subproblem #1:  Staying close to the web means using HTML discovery and applying delegation. How do we propose putting an encoded SPARQL query into the delegation field?

State subproblem #2:  FOAF provides a method for reasoning with user-centric trust lists (knows: relations). How do we propose applying knows relations to assure the strong authentication of OpenID Consumers to OpenID Providers?

State subproblem #3:  OpenID Consumers and OpenID Providers are mutually suspicious. How do we allow one SPARQL query from the user’s delegation value to be applied by both the Consumer and the Provider?

State subproblem #4:  FOAF is not a standard part of OpenID Auth 2.0. How do we propose using namespace extensions to indicate the desire for SPARQL processing of FOAF files?

State subproblem #5:  OpenID extensions indicate the claims the Consumer wishes to receive. How do we propose using SPARQL and FOAF to satisfy the requested claim set and perform claim transformation?

State subproblem #6:  FOAF normally contains public data. How do we apply AX, namespace extensions, SPARQL and additional FOAF classes to enforce access controls for a variety of policies?

Elements of Strong Authentication

[Outline the proposed solution components]

States

Messages

Processing

Impact of Strong Authentication on Realty Infrastructure

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.