SINP is a set of protocols to transfer a profile/identity, to authenticate owners of identities, and to negotiate for restricted information in protocols. It’s designed to be simple, being based on HTTPS and XML.
You can find the first draft here.
Subversion repository: https://cvs.codeyard.net/svn/webid
Acknowledgements: it’s loosely based on other stuff that has been floating around the web, like Zef’s SPTP.
Comments would be appreciated.
Update: Photos of the presentation we gave about SINP last Wednesday are in:
http://www.codeyard.net/fotos/capaward-1.php
Our presentation has got several penguin mascots.
I had a quick read of the document and it looks quite nice. However, the question is how sure you are that this is completely secure. You take credit card information as an example in your white paper, that’s quite something. You better be 100% sure this system is bulletproof. Did you have anybody who knows a lot about security have a look at it?
But it looks promising. Once you’re sure it’s secure the next challenge will be adoption. Do you have an implementation of it yourself yet? If you want it adopted you’d probably have to write some plug-ins or extensions to current web applications (like forum software) yourself to show that it works and people can easily start using it. You can’t really expect people to just grab your spec and start implementing at the start. It has to prove itself first.
And what kind of event was this you presented it at, something from your school or something?
I’ve sent the specification to the Security of Systems research group of the Radboud University in Nijmegen. I’m waiting for a response.
The only weak point of which I know is that it uses HTTPS, which isn’t very strong — strong enough though to be used for other online services which take a credit card number.
For the presentation I’ve made a proof of concept implementation, which supported the negotiation. At the moment I’m making an implementation that complies fully with the specification in Python and PHP.
I’ll indeed have to write plugins for existing software, but first I need to finish the initial implementation :-). When I’ve got a client library in several languages, then the plugins won’t be that difficult anymore. I just need people to support it :-).
The event where we’ve presented it was a presentation for a project called Codeyard, which tries to involve high school students more with open source. The event was pretty cool — you don’t talk every day with several professors of security of systems and representatives of a 2 billion profit/year company (Capgemini).