I was reading a few Medium articles about distributed authentication when it dawned on me that SAFENetwork would be rather good at this out of the box.
Example flow:
- User enters SAFENetwork public message id as username on clear net site.
- Clear net site sends authentication request message (say, a sha256 hash) to public message id, receiving public key in process.
- User’s authentication app asks user to confirm authentication request is valid. If so, it echoes message as reply, signing it in the process.
- Site confirms receipt and that signature is valid and logs user into clear net site.
Variations could be to have small or large TTL to allow shorter/longer revocation time.
The authentication app would be a pretty simple bolt on to SAFENetwork messaging layer, as used by chat demo app.
No passwords, no OAuth, no leaking of personal data.
I am sure better solutions could improve on this, but it would be pretty slick and secure, from a brief ponder on it.
Edit: note that site would need a client/agent installed to communicate with SAFENetwork.
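
The flow above as an added example (not code from the post or from SAFENetwork), showing the checks the site needs so that a signed reply cannot be replayed, reused after expiry, or relayed to a different site. Assumptions: the SAFENetwork messaging layer is replaced by direct function calls, the challenge is a random nonce rather than a sha256 hash, the key type is Ed25519, and all names (`issueChallenge`, `answerChallenge`, `verifyReply`, `CHALLENGE_TTL_MS`) are hypothetical.

```javascript
// Added example: challenge/response login with the transport stubbed out.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed lifetime of an unanswered challenge
const pending = new Map();         // nonce -> { userId, origin, expires }

// Bytes that get signed. The site origin is included so a reply obtained by
// one site is useless at another.
function signedBytes(origin, nonce) {
  return Buffer.from(`login|${origin}|${nonce}`);
}

// Site: create a one-time challenge tied to the claimed message id.
function issueChallenge(userId, origin, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { userId, origin, expires: now + CHALLENGE_TTL_MS });
  return { nonce, origin };
}

// User's authentication app: sign only after the user confirms the request.
function answerChallenge(challenge, privateKey, userConfirmed) {
  if (!userConfirmed) return null;
  return crypto.sign(null, signedBytes(challenge.origin, challenge.nonce), privateKey);
}

// Site: accept a reply once, before expiry, and only if the signature
// verifies against the public key received for that message id.
function verifyReply(userId, nonce, signature, publicKey, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce);           // single use, even when verification fails
  if (!entry || !signature || entry.userId !== userId) return false;
  if (now > entry.expires) return false;
  return crypto.verify(null, signedBytes(entry.origin, nonce), publicKey, signature);
}

// Constructed key pair standing in for the user's SAFENetwork identity.
const user = crypto.generateKeyPairSync('ed25519');
```
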