
I'm honing an elevator pitch for a new side project. What do you think of the following?

[name] is an identity provider to securely authenticate end users and applications on behalf of online services using industry standard protocols. It provides an API for securely storing and managing data about and credentials for end users, applications, and other entities related to authentication.

That's 44 words. Given a normal speed of speech of 100 to 200 words per minute, it should be sayable in 30 s.

@Lars Wirzenius Looks like something I'd be interested in, so I'd check it out based on that pitch :)

@harald Thanks. I'll be posting more when things progress.

@liw That says what it *is*, not what it *does* or why it would be successful.

[name] allows services to offload their security concerns with identity to its service, and provides end-users with a rich collection of options to store more of their critical data securely in the cloud.

If you're protecting the end-users, don't tell the service providers, because they don't care about that, they want to exploit them.

@jim That's a good point. I'm going to iterate on this more.

New version:

Yuck is an identity provider that allows end users to securely authenticate themselves to web sites and applications. Yuck also allows users to authorize applications to act on their behalf. Yuck supports the OAuth2 and OpenID Connect protocols, and has an API to allow storing and managing data about end users, applications, and other entities related to authentication.

I've not tweaked the elevator pitch, but I've sketched the architecture document a little: files.liw.fi/yuck-arch/

Feedback is welcome.

@liw Authorization is happening at the application frontend and API clients?

It uses access tokens provided by the IDP after user authentication?

@lufthans The IDP keeps track of what each end user is allowed to do ("scopes" they're allowed to have), and embeds the scopes in the digitally signed access token. The RP implements access control checks based on scopes and other information in the token.
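The scope-in-token flow described in that post, as an added example that is not part of the original thread or of the Yuck project: the IDP embeds the granted scopes in a token it signs, and the RP verifies the token before enforcing a scope-based access check. It assumes an HMAC shared secret as a stand-in for the asymmetric signature a real IDP would use, and the claim names (`sub`, `aud`, `scope`, `exp`) follow common OAuth2/JWT conventions rather than anything the thread specifies.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret shared by IDP and RP. A real IDP would sign with a
# private key so that RPs can verify tokens without being able to mint them.
SECRET = b"demo-shared-secret-not-for-production"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, aud, scopes, ttl=300, now=None):
    """IDP side: embed the user's granted scopes in a signed token."""
    now = int(time.time()) if now is None else now
    claims = {"sub": sub, "aud": aud, "scope": " ".join(scopes),
              "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def verify_token(token, expected_aud, now=None):
    """RP side: check signature, audience and expiry before trusting claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None  # forged or tampered token
    claims = json.loads(_unb64(body))
    if claims.get("aud") != expected_aud or claims.get("exp", 0) <= now:
        return None  # token meant for another RP, or expired
    return claims

def authorize(token, required_scope, aud, now=None):
    """RP access-control check: allow only if a valid token carries the scope."""
    claims = verify_token(token, aud, now)
    if claims is None:
        return False
    return required_scope in claims.get("scope", "").split()
```

The RP never trusts the scope claim on its own: signature, audience and expiry are checked first, so a token with an edited scope list or one issued for a different RP is rejected before any access decision is made.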

@liw so the IDP needs to know or discover objects and capabilities for granting access?

for instance, know that the bank statement exists and read-only is one permission that can be granted for that type of object?

@liw If you want grammar and typo suggestions/fixes, see below. If not, then ignore it :)

s/An IDP interacts/& with/

s/for security reasons/& there/

s/authenticate themselves/&\)/

s/doens't/doesn't/
