
Authorization and user data

I think many people have already become acquainted with OpenID, a remarkable technology that has been gaining momentum lately. It really is a good idea: why register on hundreds of sites, typing in the same data each time, if you can register on one site and then log in to the others through it?


Everything would be fine, but the trouble is that the authorization technology was built while the user data it transmits was never standardized, so the result is a mess. The login form also does not look very attractive with its huge list (I exaggerate, of course) of OpenID servers, and for some of them you still have to fill something in. In general, I think everyone has already noticed all this.

Another unpleasant thing is the sheer number of these OpenID servers, which different sites offer in different sets. Many services also try to bolt their own special features onto OpenID; ya.ru, for example, wants to add a trust index based on the activity of its users.

Everyone around is talking about the need for centralization ... hmm, yes, in general the thought is correct, but the key question is: centralization of what, and where? You can collect all users on one server, which makes good booty for hackers. Or you can simply collect all of a user's data in one place and move it to the user's own computer or a personal host; a computer is better, of course.

Here is how I see such a program working:

You install it on your computer and fill it with whatever data about yourself you want (from the most trivial, such as full name, date of birth and nickname, to education, work, preferences and so on); the program keeps all of this in encrypted form under a master password. Then you visit an interesting job search site, say hh.ru, and want to register on it. Registration as such should no longer exist: you just press the login button and you are logged in. In the “local passport” program (let's call it that) you have marked which fields to hand over automatically and which to ask permission for. Suppose that for authorization the program was asked for a nickname, full name and so on, plus an email, and handed them over; your record was created on the server, an email was sent to confirm the address, you activated it and happily logged in to your account.

You are invited to fill in a resume; nothing could be easier! You click to create a resume and see a question from the program: "The site has requested your data about education, work, etc.", and you answer "confirm the transfer of data." Voila, the resume is filled in. For an even bigger thrill, go over to livehh.ru, which is their community, and fill in photos, interests and so on without typing in any data. Great, your Internet profile is complete.

A month passes, you are hired, and you come back to the site; the data in your local passport has already been updated (say, earlier). The site asks you for the updated data, and you can respond in several modes: allow or do not allow, and for each of these options, only now or always.
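The per-field release rules described above (fields handed over automatically, fields that need permission, and allow / do not allow answers that apply only now or always), as an added Python example that is not the author's program. The names `LocalPassport`, `handle_request` and `prompt` are hypothetical; it assumes "always" answers are remembered per site and that a field with no policy entry requires a prompt. Encryption under the master password is outside the example.

```python
from dataclasses import dataclass, field

AUTO, ASK = "auto", "ask"   # owner's per-field policy: hand over silently, or ask first

@dataclass
class LocalPassport:
    data: dict      # field -> value, already decrypted (at-rest encryption is out of scope here)
    policy: dict    # field -> AUTO | ASK; a field with no entry is treated as ASK
    remembered: dict = field(default_factory=dict)  # (site, field) -> bool for "always" answers
    audit: list = field(default_factory=list)       # (site, field, released, reason)

    def handle_request(self, site, requested, prompt):
        """Return only the fields `site` may receive.
        prompt(site, field) -> (allow, always) stands in for the confirmation dialog."""
        released = {}
        for name in requested:
            if name not in self.data:                  # nothing stored: nothing to disclose
                allow, reason = False, "unknown-field"
            elif (site, name) in self.remembered:      # earlier "always" answer, allow or deny
                allow, reason = self.remembered[(site, name)], "remembered"
            elif self.policy.get(name, ASK) == AUTO:
                allow, reason = True, "auto"
            else:
                allow, always = prompt(site, name)
                reason = "asked"
                if always:                             # persist per site, never globally
                    self.remembered[(site, name)] = allow
            if allow:
                released[name] = self.data[name]
            self.audit.append((site, name, allow, reason))
        return released

if __name__ == "__main__":
    # Constructed sample profile and dialog answers
    p = LocalPassport(
        data={"nick": "neo", "email": "neo@example.org", "education": "BSc", "work": "Acme"},
        policy={"nick": AUTO, "email": AUTO},
    )
    answers = {("hh.ru", "education"): (True, True), ("hh.ru", "work"): (True, False)}
    ask = lambda site, name: answers.get((site, name), (False, False))
    print(p.handle_request("hh.ru", ["nick", "email"], ask))        # auto fields, no dialog
    print(p.handle_request("hh.ru", ["education", "work"], ask))    # both confirmed
    deny = lambda site, name: (False, False)
    print(p.handle_request("hh.ru", ["education", "work"], deny))   # only the "always" field
    print(p.handle_request("livehh.ru", ["education"], deny))       # other site: asked again
```

The `audit` list records every decision and its reason, so the owner can review which site received which field and why.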

Authorization essentially remains the same OpenID, over the OAuth protocol, but we get a standardized structure of user information that sites know about and can request; offline data storage that can be conveniently edited right on the computer and synchronized with the user's other devices; and independence from services, however reliable they may be. At the same time, it is still possible to check a person with a captcha to distinguish them from a bot, and so on. In fact, very little changes, and such a solution can be integrated almost imperceptibly and without much effort.

I am already planning and designing this program. It will be open source and hosted on SourceForge, so if you want to join the development, you are welcome to send me a PM.

Of course, there are many problems, but first of all the main task should be clearly understood: developing the local data store. This is not about fighting spammers, validating data, credits and other things that people have already managed to write about, although of course these problems can and will need to be thought about.

Sooner or later, the Internet will arrive at this method of authorization, so you can look forward to pleasant surfing in the future and to your own small contribution to the technology of the coming, and not so near, years. And it is simply fun to do something useful.

I will be glad to receive comments, questions and discussion of the proposed model.
Constructive criticism is especially welcome.

P.S. Before suggesting an “analogue”, please read the proposal carefully or point out what is unclear in it. I would like to discuss the proposal, not all the existing "analogues" :)

Source: https://habr.com/ru/post/90058/

