SINP and Google Authentication

Bas put new information on his SINP protocol online. SINP is a decentralized single sign-on system, based on some ideas and implementations floating around on the internet, like my SPTP (which had one big flaw because of which it never got off the ground).

I had a look at the spec before and it looks pretty good. Although I had some security classes, I’m not a security expert, but it seems pretty secure.

SINP allows you to have one single username (looking something like: zef@w-nz.com/sinp) and password that allows you to log in to any SINP-enabled website. So you no longer have to register and have different usernames and passwords for different sites. This is of course not a new idea; Microsoft’s Passport has been doing this for a while and there’s also the Liberty project. But both of these store all of the user’s information (password, personal info, maybe even credit card number) centrally on their servers.

A couple of days ago Google launched their own single sign-on service. Basically you can now allow people to log in to your own web apps using their Google IDs.

Basically you have to trust Google or Microsoft or the Liberty people with all your information, which not everybody does (personally I don’t really have problems with it though). SINP does it a bit differently. Anybody can set up a SINP server. That means you can set up your SINP account with any company or organization you trust, and if you trust no one you can set up your own.

The SINP people are currently working on a PHP client and server and a Python client. They’ve been hacking up WordPress to allow people to post comments using their SINP IDs. I tried this, but it didn’t work for me yet. I’m sure they’re still working on it. An interesting project to keep an eye on.

Update: It turned out the WordPress test blog didn’t work because I didn’t have a SINP document uploaded. I have one now, and now it works.