General Improvements

[jaxoncreed]

General ideas for improvement

• Formalize the PoP token standard
• Find the correct approach to do multi-RS authentication (try to make it as close to what currently exists)
• Use of self signed authentication (without an identity provider)
• Document differences between in-browser apps and services
• Interop with other decentralized auth
  • DID Auth
• Multi User Device auth (with alternative sensors ie no keyboard or mouse)
• Biometrics authentication
• Opaque authentication (accept claims without telling a resource server who you are)
• Verifiable claims (property based authentication)
• WebAuthn
• WebID-TLS
• HTTP2 enabled?
• WebSocket authentication
• Interop with SAML and ActiveDirectory (Other IDPs)
• Keeping Storage system implementations simple (Don't have a ton of different ways for storage servers to confirm identity)

[elf-pavlik]

Keeping Storage system implementations simple (Don't have a ton of different ways for storage servers to confirm identity)

IDPs can have great variety of authentication, this way person can choose their IDP that supports what they need and participate in any group WAC controlled storage which only needs to support common standard (if possible one).

[zenomt]

Use of self signed authentication (without an identity provider)

as we discussed on the call, supporting the magic issuer https://self-issued.me and a public key in the profile isn't that much work, but it does require a little bit of special-case code. the benefits are:

• marginally easier to set up on an ordinary static web server
• enables on-device authentication (for example, a native app on a mobile device) using the self-issuer workflow envisioned by OIDC

[elf-pavlik]

I think we should copy original comment to https://github.com/solid/authentication-panel/tree/master/meetings and close this issue

We already have other issues capturing most of the points

• Identity Broker Pattern Identity Broker Pattern #5
• consider support for OIDC self-issuer consider support for OIDC self-issuer solid-oidc#91
• Alternative protocols for resolving WebIDs Alternative protocols for resolving WebIDs #16
• Authenticating Users Authenticating Users #27

If someone see need to create specific issue, which we can close by following up on it with PR, one can do it before or after closing this issue.