A web of trust for users to log in to a local community website, or to use their "home network" credentials to authenticate to otherwise untrusted community websites.
= Needs =
- A user should be able to log in to a community website locally, or with their "home network" credentials
- A meta-network organization should be able to leverage trusted network authentication servers through RADIUS or other login mechanisms
= Potential Implementation =
User visits www.localcommunity.net, clicks login
www.localcommunity.net redirects visitor to https://www.bcwireless.net/login/?dest_web=https://www.localcommunity.net
https://www.bcwireless.net/login/?dest_web=... checks localcommunity.net against the database registry
- If unknown, display warning. If agreeable, proceed, otherwise, bail. If known in registry, present login form
- User logs into bcwireless.net using bcwns credentials.
- If invalid, displays error. Return to website or try again.
If successful, returns to https://www.localcommunity.net/<stored xmlrpc server>?_bcwns_token=<authentication token>
localcommunity.net retrieves the token and places an xmlrpc call to https://www.bcwireless.net/login/xmlrpc.php?_bcwns_token=token
https://www.bcwireless.net/login/xmlrpc.php verifies the token against the token store and against the shared website key.
- On failure, invalidate the login and increment the user profile's "bad login" counter; on success, validate the login and return the user's public identity
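The flow above, and the two-minute window from the Timeouts section, as an added in-memory simulation in Python (not code from bcwireless.net, whose endpoint is xmlrpc.php): the registry check for the destination site, a single-use token bound to that site, the community site proving possession of its shared website key with an HMAC over the token, and the bad-login counter. Registry entries, users, passwords and the XML-RPC endpoint path are constructed sample values, and the request is verified locally instead of over an actual XML-RPC call.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlparse

# Constructed "applications" registry: website -> shared website key, xmlrpc interface, owner.
REGISTRY = {
    "www.localcommunity.net": {
        "website_key": b"constructed-shared-key-for-localcommunity",
        "xmlrpc": "https://www.localcommunity.net/bcwns_xmlrpc.php",  # assumed path
        "owner": "constructed owner",
    },
}

# Constructed bcwns user store: password kept as a SHA-256 hex digest for the demo only.
USERS = {
    "alice": {
        "pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
        "identity": "alice@bcwns",
        "bad_logins": 0,
    },
}

TOKEN_TTL = 120          # "less than 2 minutes" between token pass and identity retrieval
TOKEN_STORE = {}         # token -> {"website", "user", "issued"}  (the "state" table)


def is_registered(dest_web):
    """Registry check: the login page warns the user when the destination is unknown."""
    return urlparse(dest_web).hostname in REGISTRY


def login_and_issue_token(username, password, dest_web, now=None):
    """Authenticate the user at bcwns and, on success, return the redirect URL carrying a token.

    The token is bound to the destination website and timestamped so that only that
    site's xmlrpc interface can redeem it, and only within TOKEN_TTL seconds.
    """
    now = time.time() if now is None else now
    host = urlparse(dest_web).hostname
    if host not in REGISTRY:
        raise ValueError("unknown destination website; show warning before proceeding")
    user = USERS.get(username)
    given = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(user["pw_hash"], given):
        if user is not None:
            user["bad_logins"] += 1
        return None
    token = secrets.token_urlsafe(32)
    TOKEN_STORE[token] = {"website": host, "user": username, "issued": now}
    return f"{REGISTRY[host]['xmlrpc']}?_bcwns_token={token}"


def sign_request(host, token):
    """Community-site side: prove possession of the shared website key for this token."""
    key = REGISTRY[host]["website_key"]
    return hmac.new(key, token.encode(), hashlib.sha256).hexdigest()


def verify_token(host, token, mac, now=None):
    """bcwns xmlrpc side: redeem a token once and return the public identity, or None."""
    now = time.time() if now is None else now
    record = TOKEN_STORE.pop(token, None)   # single use, whatever the outcome
    if record is None:
        return None
    expected = sign_request(record["website"], token)   # key of the site the token was issued for
    ok = (
        hmac.compare_digest(expected, mac)
        and record["website"] == host
        and now - record["issued"] < TOKEN_TTL
    )
    if not ok:
        USERS[record["user"]]["bad_logins"] += 1
        return None
    return USERS[record["user"]]["identity"]


if __name__ == "__main__":
    url = login_and_issue_token("alice", "correct horse", "https://www.localcommunity.net")
    tok = url.split("_bcwns_token=")[1]
    print(verify_token("www.localcommunity.net", tok, sign_request("www.localcommunity.net", tok)))
```

Binding the token to the destination and checking the shared-key HMAC together mean that a token leaked from one community site cannot be redeemed by another, and that an expired or replayed token is rejected and counted against the user's profile as the design specifies.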
= Databases =
- applications
  - website space
  - website key
  - website xmlrpc interface
  - owner
- state
  - user
  - website
  - status: logged in | identity shared
= Timeouts =
- Time between token pass and identity retrieval less than 2 minutes
