Help get this topic noticed by sharing it on Twitter, Facebook, or email.

Using OpenId provider to digitally sign documents

I am developing an application for which I would need the user to publicly sign a document : Making a public proof that he approves it.

I want this feature to be super user-friendly and not to require any knowledge about cryptography nor generation of public / private key by the user.

I also don't want this proof to rely on a trust toward "my" website, and would rather rely on the reputation of third party social networks for authentication : Facebook, Twitter, Google, ...

I think that all of them implement OpenId, right ? Is there an extension to OpenId, or a "workaround" to use it as a signing service ?

I think it would be great to be able to leverage the trust over widespread services like this, most of them providing some sort of "trusted" users.

Do you know any API, Standard or W3C recommendation to push toward such a common service ?

As a side note, I could think of a "diverse usage" of those platforms, by publicly publishing a hash of the document of their behalf, or asking them to do so, as a proof the approve it : the URL of the post would act as a "signature" as long as it stays available.

I asked the same question on stack-exchange :
https://security.stackexchange.com/qu...
2 people like
this idea
+1
Reply