A number of cool services (like BBS, Linux shells, Fediverse/Mastodon clients, E-Mail(-ish), etc.) could be offered over OCTOI, but some form of authentication would be required.
We’re living in the virtual 90s here, so our options for encryption, etc. are a bit limited.
I’m thinking of options for centralized user account management for low security applications, which would also be viable for terminals.
Personally, I’d love to have some sort of central user account management (Keycloak, LDAP, etc.).
A little web interface could be used to configure the account, manage access, etc.
TOTP Authentication
One possible mechanism would be using TOTP as the “password”.
The user would create an account at the central registry, get a TOTP token (QR code, etc.) like normal. The user could then connect to a (3rd party) service and type in their username and the current TOTP token. This token is validated against the (central) OCTOI authentication API.
This would have the benefit of limited impact in case of a logged/stolen/etc. token. 6 digits are also easy to type on any device.
BBSes like Synchronet could be easily adapted to this mechanism (exec/login.js).
URL/QR Authentication
The service would display a special URL for login, which the user could then access on a modern PC/phone/etc. and would then be logged in for the current session.
ASCII art QR codes could be used on platforms which support this.
This is actually pretty secure (in contrast to the TOTP mechanism), but also much more inconvenient.
Writing these mechanisms is a bit of work, but I think it’s useful anyway.
This would also enable features like central accounting and logging.
Having a way to see call logs, connection logs, maybe even PCAPs/B-channel recordings could be really useful.
Comments? Ideas for other authentication schemes?
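A sketch of the central check described under "TOTP Authentication", added here as an example and not part of the original post or of any OCTOI code. It verifies a 6-digit RFC 6238 token, rejects a token whose time step was already accepted (so a logged token cannot be replayed), and locks an account after repeated failures. The `Registry` class, the drift window and the lockout threshold are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30        # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6       # the six digits typed at the terminal
WINDOW = 1       # assumed tolerance: +/- 1 step of clock drift
MAX_FAILS = 5    # assumed lockout threshold (6 digits are guessable)


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP value (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Registry:
    """Hypothetical central registry holding each user's shared secret."""

    def __init__(self):
        self.secrets = {}    # username -> secret bytes
        self.last_step = {}  # username -> newest time step already accepted
        self.fails = {}      # username -> consecutive failed attempts

    def enroll(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret

    def verify(self, user: str, token: str, now: float) -> bool:
        """Check a token submitted by a third-party service at time `now`."""
        secret = self.secrets.get(user)
        # Sketch only: a real service would expire the lockout after a delay.
        if secret is None or self.fails.get(user, 0) >= MAX_FAILS:
            return False
        current = int(now) // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self.last_step.get(user, -1):
                continue  # step already used once: treat as a replay
            # Constant-time comparison of the expected and submitted token.
            if hmac.compare_digest(totp(secret, step).encode(), token.encode()):
                self.last_step[user] = step
                self.fails[user] = 0
                return True
        self.fails[user] = self.fails.get(user, 0) + 1
        return False
```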