[HamWAN PSDR] Let's talk about identity

Bart Kus me at bartk.us
Sat Apr 1 13:19:03 PDT 2017 


No, not that kind of identity.  Digital identity.  Used to inform 
networks and computers about who you are.  In my brief research on this, 
Wikipedia has listed a few systems:

 1. SAML
 2. OAuth
 3. OpenID
 4. CAS

There are of course other systems, such as X509 certificates, or just 
plain old trusted keys or fingerprints.  The question is, which of these 
systems are appropriate for use on Part 97 airwaves?

The big P97 restriction we have is no use of secrecy or encryption.  
Early on we realized this means any system which relies on shared 
secrets (such as passwords) is not going to work well.  One system that 
does work really well is public/private key based authentication.  SSH 
key authentication and TLS client certificate authentication work really 
well because of this. However, those systems are not without problems.  
Both of them need to have the encryption option turned off, which 
requires a custom ssh client and server for SSH, and is nearly 
impossible to do with any modern web browser for TLS.  Other 
applications that use TLS will also have the same challenge.

I'd like to identify some acceptable identity systems for web browsers 
and web applications.  It would be great if they could also be used for 
email clients (Thunderbird, Evolution, KMail, etc), and other 
applications like file shares.

I haven't looked into security tokens at all yet, but those may work.  
That is, to plug a token into USB or tap it via NFC (cell phone case), 
and have yourself identified.

Is anyone aware of which systems may be compatible with Part 97 and work 
in a user-friendly way?

--Bart

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20170401/aeac9662/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 300px-Apache_Helicopter_Firing_Rockets_MOD_45154922.jpg
Type: image/jpeg
Size: 13670 bytes
Desc: not available
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20170401/aeac9662/attachment.jpg>

More information about the PSDR mailing list