I like the concept of setting up an OpenID system. I also believe this is a role that the larger AMPR group could do for the global amateur radio community and give the group a larger purpose. Stepping into the details a bit, I believe that OpenID requires an active network connection to function. I don't think that will work in supporting isolated networks, slow networks, or partially broken networks. Compare that to, say, an X.509 certificate system (like what LOTW uses), which can support offline validation. If we were to approach this project, I think we'd need to:
- Identify the use cases we want to solve: access to networks, access to hosts/applications (BBSes, maybe Echolink, Dstar, whatever) that are online, occasionally offline, completely offline. Are any of these networks using amateur radio frequencies that cannot support encryption? How do we solve that situation? Can we get exceptions from the various governing bodies to allow it (ITU, FCC, etc.)? Are there any options here to provide strong and secure authentication over amateur RF networks or must we only use the Internet?
- Identify a working community of people who are interested either in working on the technical aspects or the validation aspects of the solution. I do agree we should try to get the larger amateur radio bodies involved (IARU, RSGB, ARRL, etc. - https://en.wikipedia.org/wiki/List_of_amateur_radio_organizations ). That will take a LOT of time but I don't think it will block any specific progress.
- Identify the workflows for each of those use cases - would be best to delegate different use cases to those people who both need them and have a passion to get them solved.
- Determine how to securely create a mesh of authentication nodes worldwide
- Create some policies around these nodes on creation, maintenance, security, auditing policies, etc.
I imagine some people might think there are a lot of bureaucratic steps in there and I agree. The reality is that we need to find a common point where everyone can both agree and maybe leverage existing systems (LOTW, etc.) if deemed acceptable. HAM radio seems to naturally gather into little fiefdoms which would dilute and/or break the utility of a global authentication system like this. This team will have to constantly work to keep it cohesive and functional.
--David KI6ZHD