Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hardware Based OpenID Service Available

Posted by ScuttleMonkey on from the welcome-to-your-next-new-buzzword dept.

An anonymous reader writes "TrustBearer Labs has announced a new service that lets you use various hardware based security tokens like smartcards and biometric devices with OpenID. A hardware based connection to OpenID allows higher levels of security and makes it easier for the end-user to control their credentials. OpenID is a decentralized cross-site authentication system that has been gaining momentum for quite a while now with major supporters like AOL, Google and Microsoft already announced."

4 of 119 comments (clear)

  1. Re:Tell me sales man by sm62704 · · Score: 3, Funny

    Imagine a beowolf cluster of them (shudder)

    In Soviet Russia, biometrics validate YOU

    Sorry, I can' think of a Natalie Portman joke. I guess I fail it.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  2. Re:Anything like verasigns pip? by Jeffrey+Baker · · Score: 4, Informative

    That's really not the same at all. With a SmartCard your keys and certs are in your physical control. The key or cert never leaves the card, and crypto operations also are done on the card. With VeriSign, VeriSign enslaves your identity. They own it, and you have to use the RSA token readout to get VeriSign to unlock your identity temporarily. These are fundamentally different operating principles.

  3. Decoupled authentication by Bogtha · · Score: 4, Informative

    The is something I was trying to explain the last time OpenID came up on Slashdot. Because authentication isn't done by the websites and web applications themselves, it means users can shop around for an authentication system that suits them, and none of the websites or web applications that you log into need worry about it. If/when OpenID starts to become mainstream, I'd expect to see a lot of interesting work done on authentication. A hardware scheme like this isn't feasible if you have to persuade each individual website and web application provider to implement it.

    So, when can we log into Slashdot with our OpenIDs? Has there been any word on the subject at all from Taco et al?

    --
    Bogtha Bogtha Bogtha
  4. REMOTE_USER by thanasakis · · Score: 3, Interesting

    As long as the openid provider (the party that provides the identity by utilizing an authentication mechanism) can access the the REMOTE_USER env variable or something equivalent, it can perform its duty normally. I think it is really not important whether there is username/password based authentication or PKI authentication using soft tokens or hardware crypto tokens or biometric authentication or one time passwords or whatever else. It is up to the implementor of the service to decide what kind of authentication will be used according to his/her requirements. Using an external authentication mechanism can slightly perplex the situation on how logout is performed (as it is dependent on the auth mechanism) or on how attribute based authorization is being carried out.

    But overall it gives great flexibility to the implementor because he/she can layout a scheme were existing authentication/authorization infrastructures (like an institution's LDAP for example) can be used in a cross platform way to offer web based identity.