A private, ham only OpenID server? that should
provide authentication
as well as authorization for assorted servers. Make it stand alone &
not tied to any particular service like amprnet or echolink or LOTW.
make it freely accessible to anyone who wants to authenticate a ham
anywhere.
Yes, that is the basic idea, but it should not be limited to website usage
and it should be possible to retrieve attributes such as "is this a verified
licensed hamradio operator". The user list could contain outsiders,
unverified hams and verified hams, and the facilities available to them could
be different. E.g. a user who is not a verified ham would not be able to use an
Echolink-like service, but they could read and contribute to a mailinglist.
The service should offer some different APIs, e.g. RADIUS for user/password
authentication and maybe something like OpenID for website logon.
When a user has a valid account, he should be able to obtain client certificates
for use in services where that is appropriate.
The PKI design has to be careful, with some attention to detail a lot of
mishaps can be avoided. This requires expertise in the matter.
Rob