W3C home > Mailing lists > Public > public-credentials@w3.org > June 2015

Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS IS A PROBLEM

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 17 Jun 2015 17:42:23 +0200
Message-ID: <CAKaEYhJ9XK4OPPEi=Tp_BJS0n6hdQr5E1DEk764sH4kn24xBAw@mail.gmail.com>
To: Joerg.Heuer@telekom.de
Cc: Eric Korb <eric.korb@accreditrust.com>, W3C Credentials Community Group <public-credentials@w3.org>
On 17 June 2015 at 17:11, <Joerg.Heuer@telekom.de> wrote:

> Okay, let’s formulate my remark more correctly: It should be possible to
> store credentials outside of the browser, explicitly to allow for these
> different preferences. No problem with browsers implementing the same
> functionality. In essence we are talking about portability now.
>

Yes, I think that's the case.  And people are doing this already in a
variety of ways.


>
>
> *From:* Melvin Carvalho [mailto:melvincarvalho@gmail.com]
> *Sent:* Mittwoch, 17. Juni 2015 17:05
> *To:* Heuer, Jörg
> *Cc:* Eric Korb; W3C Credentials Community Group
>
> *Subject:* Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS
> IS A PROBLEM
>
>
>
>
>
>
>
> On 17 June 2015 at 16:57, <Joerg.Heuer@telekom.de> wrote:
>
> +1 to definitely not aim at storing credentials in the browser. I’d like
> to use different browsers on different platforms – and have them synced if
> I may…
>
>
>
> That's a design decision and people will have different preferences.  It's
> really important not to impose personal preferences onto others, here.
> Mozilla tried to do this and that's one reason Persona failed to become a
> standard.
>
> Estonia solve this quite neatly with the e citizen program by using a card
> reader.  The browsers have the ability to store credentials externally,
> which is a nice feature.
>
> It seems to have worked very well.  Once finland operate this, both
> belgium and holland have digital id schemes in the world.  I think
> estonia/finland is the most advanced.  There will be mounting pressure IMHO
> on denmark, norway, sweden and then germany to innovate:
>
> https://www.youtube.com/watch?v=L4J5yeyGu1A
>
> It's been a huge win for Estonia to date
>
> Adding the online national census capability cost only the census
> software, less than €10K, because the infrastructure was already in place
>
> compare the US: The 2010 census cost $13 billion, approximately $42 per
> capita
>
>
>
>
>
> *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com]
> *Sent:* Mittwoch, 17. Juni 2015 16:52
> *To:* Eric Korb; Melvin Carvalho
> *Cc:* Credentials Community Group
> *Subject:* Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS
> IS A PROBLEM
>
>
>
> (Can't respond inline on Google inbox, as far as I can tell...)
> Re: credentials in the browser.
> So,
> How do you reset your tls cert? Say, for nanna...
> Are you suggesting you think credentials are unnecessary?
> What's the difference between trusting a data space service with your data
> vs. your credential access support.
> Do you think it's global or go home; or,
> Should every legal entity (and/or bot/agent) be able to "mint" a
> "credential", and what happens if your computer is stolen, or fails, or
> someone else is using your account on your computer.
> How does it support isolation of roles/persona.
> Communities at all levels share and disagree on an array of values. From
> images relating to local laws on nudity or gun licensing, to the cost of
> education.
> Who says one ring should rule them all...
>
>
>
> On Thu, 18 Jun 2015 at 12:17 am, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
> On 17 June 2015 at 14:23, Eric Korb <eric.korb@accreditrust.com> wrote:
>
> Interesting article.
>
>
>
>
> http://www.fastcompany.com/3044280/one-more-thing/the-ghosts-of-app-permissions-past
>
>
>
> Yep, it used to be even worse.  They used to phish your password:
>
> http://microformats.org/wiki/social-network-anti-patterns
>
> Mozilla persona still does this.
>
> I prefer to keep credentials in the browser.  This can be done today with
> X.509 or the web crypto API.
>
>
>
>
>
> ----------------------------------
>
> Eric Korb, President/CEO - accreditrust.com <https://www.accreditrust.com>
>
>
>
Received on Wednesday, 17 June 2015 15:42:51 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:24 UTC