This is just one of many
annotation system issues.
Authentication
Authentication is primarily used to verify that the
annotation author is who they say they are. To a
lessor extent, authentication is used to verify the
authorship of the original document.
The following schemes come to mind:
-
None
-
Avoid the issue. This is actually a viable
solution if the annotations are stored on
the annotation author's machine or if annotations
are immutable (can not be modified.)
-
Internet Address
-
Use the internet address to decide whether
someone can modify a document.
-
E-mail Address
-
Whenever an annotation is created or edited,
that fact can be relayed to the annotation
owner via E-mail. If an author receives
E-mail about a change or creation that they
did not make, extra action can be taken to
correct the problem.
-
Password
-
Use a password to verify the author.
Passwords can be snooped and/or cracked.
Also, people tend to be lazy and only use
one password so they can remember it.
-
Public Key Cryptosystem Authentication
-
Use public key cryptography in conjunction
with message digest algorithms to verify
the authenticity of an annotation. There
are patent and export control issues associated
with this one.
What other ones have been missed?
This file, version 1.2 of authentication.html, was last updated at
21:14:23 on 95/09/15.
Copyright (c) 1994,1995 --
Wayne C. Gramlich. All rights reserved.