This is a very interesting idea indeed

So and so over at base4.net wrote about going “beyond stateless” by using method-less objects, and I found it interesting. The thing that intrigued me after reading the article was something completely different: the idea of using the client to store their own data.

I’ve often thought to myself that a form of public key encryption should be used for web authentication… removing the hassle of the user name and password altogether… But why not take it a step further, and use it for encrypting the data? You could then have the client store the data for you and transmit it back over the wire when necessary.

I’m not talking about anything like Flickr not saving images on their servers here, I’m talking about things like contact information, notification settings, online social relationships, and preferences. Obviously not all data would be storable in this format, but the biggies could be name, social, email, credit card numbers (preferably with different keys so that you were able to delegate access on a per-detail basis: None, Name, Contact info, Payment Processing, etc.).

All it would take is a very lightweight, fast client store (à la OpenLDAP, which reads faster than it writes) and reversible encryption.

Now this would be a disclaimer: “We value your privacy, and therefore do not keep any of your personal information, preferences, history, or other records on our servers. That data is stored on your computer in a 2048-bit encrypted form. Therefore if a hacker were to penetrate our servers they would find absolutely no information which could be used against you.”
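The client-held store with per-detail keys described above, as an added example that is not the author's code. It assumes Node.js and swaps the public-key scheme the post mentions for symmetric AES-256-GCM with one HKDF-derived key per access category; `MASTER_KEY`, `seal`, `unseal` and the category names are hypothetical.

```javascript
// Added example. MASTER_KEY, seal, unseal and the category names are hypothetical.
const { randomBytes, hkdfSync, createCipheriv, createDecipheriv } = require('node:crypto');

// Server-side secret (constructed here; assumed to live in a KMS in a real service).
const MASTER_KEY = randomBytes(32);

// One independent key per access category, so each can be delegated or rotated alone.
function categoryKey(category) {
  const info = `client-store:${category}`;
  return Buffer.from(hkdfSync('sha256', MASTER_KEY, Buffer.alloc(0), info, 32));
}

// Encrypt one category of a user's data. The returned string is what the client stores.
function seal(userId, category, data) {
  const iv = randomBytes(12); // fresh nonce for every blob
  const cipher = createCipheriv('aes-256-gcm', categoryKey(category), iv);
  cipher.setAAD(Buffer.from(`${userId}|${category}`)); // bind blob to user and category
  const ct = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt a blob the client sent back. Returns null when the blob was modified,
// belongs to a different user, or was sealed under a different category key.
function unseal(userId, category, blob) {
  const raw = Buffer.from(String(blob), 'base64');
  if (raw.length <= 28) return null; // too short to hold nonce + tag + data
  const decipher = createDecipheriv('aes-256-gcm', categoryKey(category), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  decipher.setAAD(Buffer.from(`${userId}|${category}`));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // authentication failed: never trust or parse the contents
  }
}

// Constructed sample: the client holds two blobs and returns the one that is asked for.
const clientStore = {
  contact: seal('user-1', 'contact', { email: 'alice@example.test' }),
  payment: seal('user-1', 'payment', { card: '0000-0000-0000-0000' }),
};
console.log(unseal('user-1', 'contact', clientStore.contact)); // the contact record
console.log(unseal('user-1', 'payment', clientStore.contact)); // wrong key: rejected
```

Authenticated encryption catches edited blobs and blobs swapped between users or categories, but not a client replaying an older valid blob; that needs a server-side version counter or an expiry inside the sealed data.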

One thought on “This is a very interesting idea indeed”

  1. So and so is me! Alex!

    A twist on your idea would be to use an online cloud store like S3, which supports URLs that are valid for a specified period. You could give these companies access for a specific period (maybe 6 months) and then when they need access again they request it (via SQS or something similar) and you decide whether or not to give them another expiring URL.
