On 2 November 2013 14:02, Mike Hearn <mike@plan99.net> wrote:
On Sat, Nov 2, 2013 at 6:01 AM, <bitcoingrant@gmx.com> wrote:

In brief, the authentication works as follows:

Server provides a token for the client to sign.

Client passes the signed message and the bitcoin address back to the server.

Server validates the message and honors the alias (optional) and bitcoin address as identification.



I actually use client certificates for almost all of my authentication.

It's true that the browser manufacturers have created a UX which is not ideal, and very little effort is made to improve it. But it is possible. See this project from Mozilla Labs.

http://www.azarask.in/blog/post/identity-in-the-browser-firefox/

Unfortunately this got killed :(

More popular is the trusted third party model like OAuth or Persona.  There's a conflict of interest as well, because browser manufacturers are often identity providers too, so there is an incentive to push TTP technology.

There are two elements here. One is passwordless login (which I love). The other is who controls your identity. I like to control my own identity (in my browser) using PKI. But Facebook and the big webmail providers have a lion's share of the market.

The way to shift the balance is to offer the right incentives.
 

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development