We are considering replacing a Ziti TV episode with a monthly forum on ideas for OpenZiti.
The initial idea would be a live-stream where people could show up, talk about ideas that OpenZiti doesn’t implement yet, and help to move one or more of the projects in a direction that would be both directionally correct for OpenZiti, as well as interesting, useful and exciting for the person with the idea. The exact details are TBD but I’ve seen some projects use a public google sheet to facilitate the ideas that would be discussed. That’d help frame up the sorts of people from the maintainers that would participate as well.
Would that be interesting to the community?
- Yes, and I have one or more ideas and would love to participate!
- Yes, I would just watch right now.
- No, OpenZiti is doing fine without me, keep it up.
One area I would like to get involved with is using OpenZiti with 3rd party CAs to manage identities. I find this quite fascinating… as existing techniques seem just so last decade. I have also noticed a number of authenticator apps… but when I look at them… they still rely a public DNS… so what’s the point really?
Hence, having a native authenticator app would be really cool… I can see how the Ziti Desktop Edge could move in that direction… but is something that still relies on a third party tool
I am thinking of building something in Golang… but its so outside my skills… I feel like I am dreaming…
One area I find really lacking in authentication apps is to create a better recovery process… as their must be a better experience … as the last thing you want is a painful recovery process and fear of losing everything… after you have already lost your device… seems quite a gap in the market.
Anyway… anything in this area would be totally awesome… even just to learn more about how to make existing solutions better.
For this reason I switched to Authy for TOTP codes. You can have them shared between devices. This means when you lose your device you haven’t lost access to the codes. You might want to reset them up in the use case stated but having them transportable means changing devices is a breeze.
For windows client I am waiting for better integration with the windows certificate store. This would make using auto enrolment easier when means deployment which means less friction
Thanks for your response.. I want to see if we can take this further.. because if you lose those codes.. its going to get tricky.
One of the reasons why I started to explore this is due to a non technical business requirement
ability to create a strong identity.
Hence.. the key is not necessarily to create another identity.. as you already have as strong identity with a ziti certificate.. rather.. all that you need is another factor to validate you are who you are.
My view is that.. it should be an app where you have
#1 no codes that need to be backed up
#2 able to be recovered through relationships with people you trust
Obviously.. there is no perfect solution.. but what I see is that once mutual trust is established via strong identities.. it opens up a whole new world were back up codes.. app passwords etc all fall away in the background
Admittedly.. I have very limited experience with all of this.. rather.. I am trying to explore it from a non technical user.
In addition.. other authentication apps rely on a public internet to facilitate the authorisation
I am looking to make this only accessible over a Ziti network..
PS.. I have found an open source authenticator app.. maybe there is a way to integrate OpenZiti to do something really cool
Would that be something you would want to come to a/the monthly forum and explain, discuss, talk about? Or, would you be satisfied with any approach we might come up with so long as the key material wasn't stored soley on the hard drive (in a protected space, but still)
1 Like
I don’t mind coming to a forum about it. Then we can bandy around ideas of what would be good/bad etc.
Definitely like that approach.. makes a lot of sense to help prioritise activities