[FoRK] DNT: another example of "you can't make this shit up"

Gregory Alan Bolcer greg at bolcer.org
Tue Oct 16 06:18:55 PDT 2012


You can forge sessions and steal cookies.  Persistence of identity means 
there's just a cryptographic correlation between the two separate 
accesses.  Web sessions have very specific formats and meanings, most of 
which aren't needed to provide sub-resource access.

Simply, the problem I was solving was a couple of things.  First, 
guaranteeing that a user had paid for access without checking with a 
centralized server or a db lookup.  Second, eliminating the use of 
passwords and user accounts and registration.  Third, amortizing the 
"pain" of a purchase by reducing the steps to do a secure payment and 
then being able to transparently maintain the access tied to the payment 
even over time and repeated visits.  Fourth, hiding the user identity 
from the content provider so that they never see identifying 
information, aka cash, while still providing a guarantee.

It's automated provisioning micro-access.

Greg


On 10/16/2012 12:04 AM, Stephen D. Williams wrote:
> What is "persistence of identity"? Isn't that just a "session"?
> Identity isn't just a name, it is a unique identity that may have some
> degree of identification and disambiguating characteristics.  A session
> should have its own identity.  If you want to associate some access with
> the session, then the identity of the user may be how you choose what to
> show but the session is what is being matched between transactions.
>

-- 
greg at bolcer.org, http://bolcer.org, c: +1.714.928.5476
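
One way to get the first and fourth properties listed in the message above (proof of payment checked without a central server or database lookup, and no user identity visible to the content provider) is a MAC-protected access token. This is an added example, not code from the post or from the system it describes; the token layout, claim names, shared key and the choice of HMAC-SHA256 are all assumptions.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo key, assumed to be shared by the payment side and the
# content provider. Not a value from the original post.
KEY = b"demo-key-constructed-for-this-example"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(resource, ttl_s, now=None):
    """Payment side, after a purchase: no user identifier goes into the token."""
    now = time.time() if now is None else now
    claims = {"res": resource, "exp": int(now) + ttl_s,
              "nonce": _b64(os.urandom(16))}   # makes each purchase's token unique
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_token(token, resource, now=None):
    """Content provider: purely local check, no server round trip or DB lookup."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
    except ValueError:                          # wrong shape or bad base64
        return False
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # authenticate before parsing
        return False
    claims = json.loads(body)
    return claims["res"] == resource and now < claims["exp"]

if __name__ == "__main__":
    t = issue_token("/articles/42", ttl_s=3600)
    print(t)
    print(verify_token(t, "/articles/42"), verify_token(t, "/articles/43"))
```

Like any bearer value, the token can be replayed by whoever holds a copy until `exp`. Because HMAC is symmetric, the verifier could also mint tokens; a public-key signature would be needed if the issuer and the content provider must be kept separate.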

