W3C home > Mailing lists > Public > public-credentials@w3.org > June 2015

Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS IS A PROBLEM

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Wed, 17 Jun 2015 15:09:50 +0000
Message-ID: <CAM1Sok1a4Qifzm+a7gy_ZpK-+588VffHu2kvzbiYhfLMaC9sJg@mail.gmail.com>
To: Joerg.Heuer@telekom.de, Melvin Carvalho <melvincarvalho@gmail.com>
Cc: Eric Korb <eric.korb@accreditrust.com>, W3C Credentials Community Group <public-credentials@w3.org>
"It's really important not to impose personal preferences onto others,
here. "

This is the credentials CG, did you think this was the WebID CG? I don't
understand...

On Thu, 18 Jun 2015 at 1:05 am, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

> On 17 June 2015 at 16:57, <Joerg.Heuer@telekom.de> wrote:
>
>> +1 to definitely not aim at storing credentials in the browser. I’d like
>> to use different browsers on different platforms – and have them synced if
>> I may…
>>
>
> That's a design decision and people will have different preferences.  It's
> really important not to impose personal preferences onto others, here.
> Mozilla tried to do this and that's one reason Persona failed to become a
> standard.
>
> Estonia solve this quite neatly with the e citizen program by using a card
> reader.  The browsers have the ability to store credentials externally,
> which is a nice feature.
>
> It seems to have worked very well.  Once finland operate this, both
> belgium and holland have digital id schemes in the world.  I think
> estonia/finland is the most advanced.  There will be mounting pressure IMHO
> on denmark, norway, sweden and then germany to innovate:
>
> https://www.youtube.com/watch?v=L4J5yeyGu1A
>
> It's been a huge win for Estonia to date
>
> Adding the online national census capability cost only the census
> software, less than €10K, because the infrastructure was already in place
>
> compare the US: The 2010 census cost $13 billion, approximately $42 per
> capita
>
>
>>
>>
>> *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com]
>> *Sent:* Mittwoch, 17. Juni 2015 16:52
>> *To:* Eric Korb; Melvin Carvalho
>> *Cc:* Credentials Community Group
>> *Subject:* Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS
>> IS A PROBLEM
>>
>>
>>
>> (Can't respond inline on Google inbox, as far as I can tell...)
>> Re: credentials in the browser.
>> So,
>> How do you reset your tls cert? Say, for nanna...
>> Are you suggesting you think credentials are unnecessary?
>> What's the difference between trusting a data space service with your
>> data vs. your credential access support.
>> Do you think it's global or go home; or,
>> Should every legal entity (and/or bot/agent) be able to "mint" a
>> "credential", and what happens if your computer is stolen, or fails, or
>> someone else is using your account on your computer.
>> How does it support isolation of roles/persona.
>> Communities at all levels share and disagree on an array of values. From
>> images relating to local laws on nudity or gun licensing, to the cost of
>> education.
>> Who says one ring should rule them all...
>>
>>
>>
>> On Thu, 18 Jun 2015 at 12:17 am, Melvin Carvalho <
>> melvincarvalho@gmail.com> wrote:
>>
>> On 17 June 2015 at 14:23, Eric Korb <eric.korb@accreditrust.com> wrote:
>>
>> Interesting article.
>>
>>
>>
>>
>> http://www.fastcompany.com/3044280/one-more-thing/the-ghosts-of-app-permissions-past
>>
>>
>>
>> Yep, it used to be even worse.  They used to phish your password:
>>
>> http://microformats.org/wiki/social-network-anti-patterns
>>
>> Mozilla persona still does this.
>>
>> I prefer to keep credentials in the browser.  This can be done today with
>> X.509 or the web crypto API.
>>
>>
>>
>>
>>
>> ----------------------------------
>>
>> Eric Korb, President/CEO - accreditrust.com
>> <https://www.accreditrust.com>
>>
>>
Received on Wednesday, 17 June 2015 15:10:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:24 UTC