CodeCo '05: ApacheCA

As seen here.

Originally meant for auth and id for Apache people, now has an open CA for anybody to create signed certs, groups and stuff.

Opinion.1: The Apache root cert shouldn't be dependent upon Verisign, or anyone else.

Op.2: Once live, Apache's root cert should be included in the FireFox install. People should be able to secure their websites without paying Verisign a dime.

Observation.1: Apache could provide a pluggable, secure solution to the issue of auth and id in the context of online communities and P2P networks, and one that's considerably more palatable than Passport or the Liberty project, owing to Apache being non-profit and having better whuffie than MS or the Liberty project's backers.

Obs.2: I've said elsewhere that SSO is a bad idea in principle (because it commutes credentials across security domains), but that's something else that could be done with this if you wanted to.

No comments: