
RE: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS IS A PROBLEM

From: <Joerg.Heuer@telekom.de>
Date: Wed, 17 Jun 2015 16:57:08 +0200
To: <timothy.holborn@gmail.com>, <eric.korb@accreditrust.com>, <melvincarvalho@gmail.com>
CC: <public-credentials@w3.org>
Message-ID: <FB5E170315856249A4C381355C027E4502912D6EADB0@HE100041.emea1.cds.t-internal.com>
+1 to definitely not aim at storing credentials in the browser. I’d like to use different browsers on different platforms – and have them synced if I may…

From: Timothy Holborn [mailto:timothy.holborn@gmail.com]
Sent: Wednesday, 17 June 2015 16:52
To: Eric Korb; Melvin Carvalho
Cc: Credentials Community Group
Subject: Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS IS A PROBLEM

(Can't respond inline on Google inbox, as far as I can tell...)
Re: credentials in the browser.
So,
How do you reset your TLS cert? Say, for nanna...
Are you suggesting you think credentials are unnecessary?
What's the difference between trusting a data space service with your data vs. your credential access support?
Do you think it's global or go home; or,
Should every legal entity (and/or bot/agent) be able to "mint" a "credential", and what happens if your computer is stolen, or fails, or someone else is using your account on your computer?
How does it support isolation of roles/persona?
Communities at all levels share and disagree on an array of values. From images relating to local laws on nudity or gun licensing, to the cost of education.
Who says one ring should rule them all...

On Thu, 18 Jun 2015 at 12:17 am, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
On 17 June 2015 at 14:23, Eric Korb <eric.korb@accreditrust.com> wrote:
Interesting article.

http://www.fastcompany.com/3044280/one-more-thing/the-ghosts-of-app-permissions-past


Yep, it used to be even worse.  They used to phish your password:

http://microformats.org/wiki/social-network-anti-patterns

Mozilla Persona still does this.
I prefer to keep credentials in the browser.  This can be done today with X.509 or the Web Crypto API.


----------------------------------
Eric Korb, President/CEO - accreditrust.com <https://www.accreditrust.com>
Received on Wednesday, 17 June 2015 14:57:44 UTC
