Could user-based multifactor authentication into Solid be the end of passwords?

Very excited about this project which has been needed for a long time. I’m interested to know how to get more involved!

Some thoughts:

Could the service make the move to become fully encrypted from login to protect its users from malicious actors and the threats of the internet now?

If Solid offered MFA and a federated Identity and Access Management solution based on the user to handle authentication to integrated services, there may eventually be no need for people to remember passwords.

If becoming a provider of services/apps for Solid involved opt-in security measures/content control and adoption of mandated legal/SDLC/Codebase/audit procedures, this evolution of the internet could become considered ‘regulated’.

Seems potential here to fix the actual problems of the internet…

Hi Ctriddell,

The best way to get involved is to build a Solid app. Here are some instructions on how to get started: https://solid.inrupt.com/docs/getting-started

Indeed, security and data protection are very important elements of Solid.

Mitzi

Yeah, I think this is one of the things that Solid should be able to do for us. I hope we will be able to have a good abstraction around authentication to obtain a WebID, we should be able to plug in systems of various strengths, and indeed, make some of the strongest systems widely accessible and used.

Is this a line of work you are interested in working in, @ctriddell, and do you have any opportunities to work in that direction now?

Hi Kjetil

That’s great news and I am actually looking for a new project but I’m unsure what I can commit to just now as I’m at a crossroads professionally also and have a family to look after. Do you have some work I may be able to contribute to? I have an engineering and support background having transitioned into information security where my current role is as a specialist for a blue chip media company. I am degree educated and currently hold CISSP with the intention to sit CCSP in the next few months. I also probably need to get this updated on LinkedIn as my social media participation has been rather low key to date!

Thanks

Chris

Great stuff!

Given your interest, I think it would be interesting if you could look into how you can hook in multifactor authentication with WebID. Currently, the main focus is WebID-OIDC, and as you probably know, OIDC is built on top of OAuth2. The spec is here: GitHub - solid/webid-oidc-spec: Specs for WebID-OIDC decentralized authentication protocol (based on OAuth2/OpenID Connect)
I’m not aware of any other work, but I know that the Norwegian government runs an OIDC platform over several 2-factor authentication schemes. I think it would be very interesting to see how this would work.

If you’re just wanting to get your feet wet, as @MitziLaszlo said, one possibility is to start writing some apps of your liking, but we certainly could use work on the backend. We’re trying to stabilize the current code, so that it can live for a while until we can reengineer it properly. So, we’re currently running this project:

Feel free to pick! There are also issues labeled inrupt-sprint, which is what we are trying to do shortly, but also some good first issue labels. Please have a look around!