Yubico Forum
https://forum.yubico.com/

Idea: Yubikey server to provide metadata store
https://forum.yubico.com/viewtopic.php?f=5&t=188

Author:  iipee [ Sun Sep 21, 2008 5:03 pm ]
Post subject:  Idea: Yubikey server to provide metadata store

To my knowledge, the centralized yubikey authentication server is used only for validating a key. If your solution needs any data stored for each key, it uses your own database to store it (for example user name, email address, etc.). For pincode and password it is obvious they should be in your own database, but I think it would be a nice option to be able to save some content to the authorization server.

Then it would be possible to call, for example, yubikey_client_request with an extra tagname. If there is a data blob stored for that tagname, that data would be returned with the yubikey response. We would also need a way to store that blob (something like yubikey_client_request_settag(...)).

For example you could use it in DRM (digital rights management): If you had for example 10 yubikeys you could send for each tag called "ksjkUuh78randomTagName.securekey" (over https call):

yubikey_client_request_settag(c, "dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh","ksjkUuh78randomTagName.securekey",mysecurekey)

That data blob has a secret key that you use to scramble content. When a user on the client side opens that document, it asks for yubikey authorization and would get the secret key only if the yubikey is authenticated OK.

I hope you get the idea and I would like to know if you like the idea at all?
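
Added example, not part of the post above and not Yubico code: a sketch of the proposed tag store in which a blob is bound to the key's public ID (the OTP characters before the final 32) and released only after the OTP validates. `TagStore`, `make_fake_validator` and the sample OTPs are hypothetical and constructed; the validator stands in for the validation server, so the store never holds a key's AES secret.

```python
OTP_TAIL = 32  # modhex chars of encrypted OTP payload; the prefix is the public ID


class TagStore:
    """Per-key blob store that releases data only after an OTP validates."""

    def __init__(self, validate):
        # validate(otp) -> bool is an assumed hook for the validation server.
        self._validate = validate
        self._blobs = {}  # (public_id, tag) -> blob

    def _owner(self, otp):
        # Validate first; only then trust the public-ID prefix as the owner.
        if len(otp) <= OTP_TAIL or not self._validate(otp):
            return None
        return otp[:-OTP_TAIL]

    def settag(self, otp, tag, blob):
        owner = self._owner(otp)
        if owner is None:
            return False
        self._blobs[(owner, tag)] = blob
        return True

    def request(self, otp, tag):
        owner = self._owner(otp)
        if owner is None:
            return None  # same answer as for an unknown tag
        return self._blobs.get((owner, tag))


def make_fake_validator(valid_otps):
    """Constructed validator: accepts each listed OTP once, so replays fail."""
    unused = set(valid_otps)

    def validate(otp):
        if otp in unused:
            unused.remove(otp)
            return True
        return False
    return validate


def demo():
    # Constructed OTPs: 8-char public ID + 32 modhex chars (not real keys).
    a1, a2, b1 = "ccccccbd" + "b" * 32, "ccccccbd" + "d" * 32, "ccccccbe" + "f" * 32
    store = TagStore(make_fake_validator([a1, a2, b1]))
    tag = "ksjkUuh78randomTagName.securekey"
    stored = store.settag(a1, tag, b"content-key")
    return stored, store.request(a1, tag), store.request(b1, tag), store.request(a2, tag)
```

`demo()` stores a blob with one OTP, then shows that replaying that OTP and presenting a valid OTP from a different key both return nothing, while a fresh OTP from the owning key returns the blob.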

Author:  wildchild [ Mon Sep 22, 2008 6:50 pm ]
Post subject:  Re: Idea: Yubikey server to provide metadata store

Our company is working on such, but a much more advanced solution with possibilities to encrypt such data-on-the-go and more..

Very soon more available at RealIdent ; where you'll be able to store any bit of data you'd like; as long as it's not binary (to start with).

The Yubikey is the perfect solution for access to such storage; where not only users will manage & have access to their content; but also API developers will be able to store their bits/read public data of their users.

I'll be posting more about this "online vault"; in the meantime I'll be programming for the remaining weeks to get this product up-and-running ...

Author:  iipee [ Tue Sep 23, 2008 5:20 pm ]
Post subject:  Re: Idea: Yubikey server to provide metadata store

Very cool -- Your service will be "man-in-the-middle" getting authorization from Yubico and adding/getting metadata to queries?

My only question is, what will be your business model?

Author:  iipee [ Fri Sep 26, 2008 6:13 pm ]
Post subject:  Re: Idea: Yubikey server to provide metadata store

iipee wrote:
Your service will be "man-in-the-middle" getting authorization from Yubico and adding/getting metadata to queries?


I actually tried that service. It gave me an error message "UNKNOWN-AES" -- Are you really going to store Yubikey secret keys on your service? I'm not sure if I'm willing to give secret keys. Why don't you just forward the query to the Yubico service? Of course giving the secret key to your server is an option, but just an option if the user wants to.

Author:  wildchild [ Thu Oct 02, 2008 12:16 am ]
Post subject:  Re: Idea: Yubikey server to provide metadata store

I will be releasing more technical details very soon; in short, people will decide themselves if they want to release their AES key or not. We will also provide pre-programmed Yubikeys which will feature a lot more robust features than the "guest edition" which is a pre-programmed Yubikey.

The program works in different levels and with different containers; currently you will not be able to see your containers because I did not finish the "guest edition" yet ; I'm as-we-speak programming on the backend before I'll be touching the frontend.

In about 3 weeks I'll be ready with results; if you got any yubikey in spare, I don't mind to link your yubikey id to a local identifier so you can soon see the features around it as soon as I finished the backend.

We're fully working on making a text as human as possible; because I'm better in technical terms and issues and my business partner is surely better in translating that towards human terms. This text I'll publish here too.

I think the Yubikey is a great window to new technologies and opportunities, and one of these is the possibility of extending identity towards integrity. Currently there are no easy tokens available which need almost zero user control and still maintain the integrity and identity of that person. Here in Belgium there is the identity card which also gives away details like the address. With our system people will be able to certify their information but filter the output in the way they want and still prove their identity.

In short, the system will consist of granular authorisation with multiple containers. This with full encryption even-before-the-wire. The system will not only authenticate; it will also be able to give information with its free API about the user, with the information available which the user wants to make available. There are currently 6 types of containers available, whereof 3 (semi) public and 3 encrypted local.

Currently you could already login using your Yubikey as a matter of fact; you would just not see any containers; our system already connects underlying with the Yubikey server if it's not one of our yubikeys, to offer normal yubikey users also a taste of the brainmatter.

I'll let you know more for sure very soon, although if you got any specific questions, always free to ask.

Always be sure to keep the light on, else a grue might get you!

All times are UTC + 1 hour