In Slovenia, where I'm from, you have to go to a government location, the same place that gives out IDs and passports and such, show your government-issued ID and sign some paperwork. You are then given a digital certificate that you can use for online banking and e-government stuff. Proper RSA stuff. You install it on your computer and your browser uses it to sign requests.
Seems like a pretty good way to do it, if you ask me.
A slightly more efficient, if less secure, way is how Apple does it for their Apple Developer program. You have to prove to Apple in a way they like that you are who you say you are, then you are issued a certificate with which to sign your apps. That could work too.
I think a dedicated device (e.g. smartcard or USB dongle) is a better option. I know they've had their problems, but personal computers get owned all the time, since they're simply too exposed.
The part I liked about the system in Slovenia isn't so much the particulars of where or how the certificate is stored, but how it's issued, since the bit I was answering was "But how do you map a key to a person".