On 3/26/07, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On Fri, 2007-03-23 at 20:51 -0600, Randy Smith wrote:
> Greetings,
>
> I was recently discussing various issues surrounding email with a
> coworker and had a couple of ideas for authentication systems that I
> would like to get some feedback on. You can read my ideas at
>
http://perlstalker.blogspot.com/2007/03/mail-server-registries-and-foreign.html.
>
> As I said, I'm looking for feedback. Are these ideas worth pursuing or
> am I barking up the wrong tree?
It would seem OpenID is ideal for controlling a recipient's access to
information being sent using BURL style messages. OpenID means the
sender would not need to control how the recipient confirms their
identity. There would need to be a convention established to translate
email-addresses to a URI convention suitable for use with OpenID.
Perhaps. Simpler from the recipient's perspective would be to have the
send specify a the URL as part of the SMTP conversation.
This would protect message content as well as confirm the recipient
actually received their message. This seems like an ideal mechanism for
various sensitive commerce related transactions.
I hadn't thought of that but it might be an interesting fringe benefit.
By pointing to the
message with a URI, there would not be any need to verify the identity
of the message source. However, the source URI should use the same
conventions as that used for OpenID recipient.
As OpenID really needs a specialized viewer, where one designed to
function as an MUA would not be unreasonable. OpenID could also help
establish filtering criteria as well. OpenID is an interesting
mechanism.
Since OpenID is built to allow authentication, among other things,
against 3rd party systems, it seems like an excellent way to allow and
recipient server to authenticate all users who wish to send or deliver
mail with their server.
Thanks for taking the time to respond.
--
Randy Smith
http://vuser.org/
http://perlstalker.vuser.org/