I feel conflicted. OAuth gets a lot correct in so far as most sites don’t have to deal with a lot of difficult auth bits, but also I don’t like having to rely on big (usually social media) companies to be the auth source.
I think about dnssec a lot.
It feels to me like there should be some form of public key infrastructure where there is a global root key (or short list of) then providers that can issue certificates out to other smaller organizations or individuals who could then use that source of trust to prove who they are. Imagine OAuth but you could just fill in your provider of choice (self hosted?) and if the certs checked out everything would verify correctly.
That being said who does the bits around ensuring that you are who you say you are. I suppose a government body running such a system could work though I sweat at the idea of going to the dmv to reset a forgotten password or report a stolen identity.
Idk maybe if I think about this enough I can come up with a cryptography secure system…
I feel conflicted. OAuth gets a lot correct in so far as most sites don’t have to deal with a lot of difficult auth bits, but also I don’t like having to rely on big (usually social media) companies to be the auth source.
I think about dnssec a lot.
It feels to me like there should be some form of public key infrastructure where there is a global root key (or short list of) then providers that can issue certificates out to other smaller organizations or individuals who could then use that source of trust to prove who they are. Imagine OAuth but you could just fill in your provider of choice (self hosted?) and if the certs checked out everything would verify correctly.
That being said who does the bits around ensuring that you are who you say you are. I suppose a government body running such a system could work though I sweat at the idea of going to the dmv to reset a forgotten password or report a stolen identity.
Idk maybe if I think about this enough I can come up with a cryptography secure system…
You just invented passkey with oauth.
Just as long as it can be run in capitalism!