
Need for non-social media based authentication. #1948

@cascmptrski


Problem:
I am looking at implementing the Polis system as a means to build consensus within several local communities, one of a few hundred people and the other of a few thousand. However, while the majority of these potential participants have Internet access, they also do not use social media. For Polis to be a viable option that takes full advantage of being able to comment and visualize the results, each person needs to be able to track their responses and submissions over time. Additionally, in some cases, it would be good to limit contributions to those who are part of the community (for example, limiting contributions to registered voters). Twitter and Facebook are not viable authentication options for these communities and are themselves subject to corrupted identity authentication.

Suggested solution:
The Polis documentation mentions a possible option for using a limited e-mail list, but that seems to have been sidelined or at least is not currently functional. This would be a reasonable place to start, though as noted in the system documentation, this is also not without its own vulnerabilities. Guidance as to how to implement this within the current system would work for an initial deployment as there already appear to be the necessary hooks. If someone can point me to what needs to be changed or included to build the system with these options, that would at least get me started.

Alternative suggestions:
An alternate, and potentially much more robust, approach would be a cryptographic or certificate-based authentication, much like what is being used for Internet server authentication. Once a person is validated and/or registered and they receive a certificate, they then use the certificate to validate their identity for comments and participation. This certificate-based registration and management could be either handled locally, or handled by a 3rd party in the same way as server certificates, and could include CRLs for compromised or invalidated certificates.

Additional context:
My feeling is that true identity-based authentication is quickly becoming a critical element of democratic process, that at the moment is both lagging behind our current electronic systems, and is needed to minimize the impact of outside parties seeking to corrupt the democratic system. I do not believe that either Twitter or Facebook represent trusted parties for authenticating users given the number of bot accounts, so we need an alternate approach.

I would be willing to assist in developing and implementing an authentication module within Polis to provide for more controlled and validated participation within communities.
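
The certificate approach suggested in the issue above, reduced to its moving parts as an added example (not part of the original issue and not Polis code): a registrar signs a credential binding a participant's key to a conversation, and the server checks the registrar's signature, a revocation list and the participant's signature on each comment. Ed25519-signed JSON stands in here for X.509 certificates and a CRL; every function name, field name and sample value is an assumption.

```javascript
// Added example: Ed25519-signed JSON stands in for X.509 certificates and a CRL.
// All names and sample values are assumptions, not Polis code.
const crypto = require('crypto');

// Registrar = the local or third-party authority that validates community members.
const registrar = crypto.generateKeyPairSync('ed25519');

// Registration: bind a participant's public key to one conversation, with a serial and expiry.
function issueCredential(publicKeyPem, conversationId, serial, notAfter) {
  const body = { serial, conversationId, notAfter, publicKey: publicKeyPem };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(body)), registrar.privateKey);
  return { body, signature: sig.toString('base64') };
}

// Participant side: sign the comment together with the conversation it belongs to.
function signComment(privateKey, conversationId, comment) {
  const msg = Buffer.from(conversationId + '\n' + comment);
  return crypto.sign(null, msg, privateKey).toString('base64');
}

// Server side: every check must pass before a comment is accepted.
function verifySubmission(cred, comment, commentSig, revokedSerials, now) {
  const body = Buffer.from(JSON.stringify(cred.body));
  const credSig = Buffer.from(cred.signature, 'base64');
  if (!crypto.verify(null, body, registrar.publicKey, credSig)) return 'bad-credential';
  if (revokedSerials.has(cred.body.serial)) return 'revoked'; // CRL lookup
  if (now > cred.body.notAfter) return 'expired';
  const msg = Buffer.from(cred.body.conversationId + '\n' + comment);
  const key = crypto.createPublicKey(cred.body.publicKey);
  const ok = crypto.verify(null, msg, key, Buffer.from(commentSig, 'base64'));
  return ok ? 'ok' : 'bad-signature';
}

// Constructed sample run.
const voter = crypto.generateKeyPairSync('ed25519');
const voterPem = voter.publicKey.export({ type: 'spki', format: 'pem' });
const cred = issueCredential(voterPem, 'conv-1', 1001, Date.parse('2030-01-01'));
const sig = signComment(voter.privateKey, 'conv-1', 'More bike lanes');
const now = Date.parse('2026-01-01');
console.log(verifySubmission(cred, 'More bike lanes', sig, new Set(), now));
console.log(verifySubmission(cred, 'More bike lanes', sig, new Set([1001]), now));
```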
