Shared Authentication Scheme - the reason for the Redirect and POST mailing

I am at the very early stages of developing a shared authentication scheme
(SAS). Often referred to as single sign on, but a fundamentally different
concept, the scheme hopes to assign a single set of credentials to each user
(username, password etc), which they can then use to sign on to a range of
websites. The server will be proprietary software, but the client
implementations will be open: this is mainly in the interests of security
rather than making a huge amount of money – the service will be free for
users, and free for small to medium sized websites, the threshold of which
is yet to be set.

 

The scheme draws inspiration from several existing and similar schemes. The
client will redirect the user to the server to authenticate on one of any
number of levels. Initially, this will just be done by using a
username/number and a password, but in the future will expand to features,
such as private information authentication (i.e. using date of birth, place of
birth etc) or even smart card authentication, if demand is such that we can
implement it cost effectively. Upon authorisation, the server will redirect
the browser back to the client website to enjoy their membership benefits.

 

The company will be registered in the UK, and hence will be subject to
strict data protection laws. Despite this, the scheme hopes to minimise user
‘form filling’ by storing and providing a central database of basic personal
details: at this stage, there will certainly not be storage of any bank
details etc.

 

The server and client will initially be programmed in PHP, so I wanted to
gather some opinion on whether people wanted another SAS, and what would
make them use it over any other? The company will be there, not only to
serve the end user, but to serve the developer as well. If anybody wants to
be one of the first users/developers, feel free to contact me on this email
address and I will keep you posted.

 

At this stage, a name has not been confirmed due to the lack of domain, and
I am operating as an individual until such time as the code and service go
public. I hope to rectify this in the coming days: watch this space.

 

Thanks in advance,

 

Alex Chamberlain

