- From: Miles Fidelman <mfidelman@meetinghouse.net>
- Date: Sat, 01 Jun 2013 17:16:18 -0400
- CC: "public-fedsocweb@w3.org" <public-fedsocweb@w3.org>
Melvin Carvalho wrote: > > I'm totally for using X.509 certificates for this and have been > arguing several years for their adoption. The bigcos are blocking it > so far due to UX. We were unable to get status.net > <http://status.net> to support it even though we had people ready to > work on the code. By all means do try and get X.509 deployed, I'll > write code for it, and support your messaging, but expect pushback due > to the X.509 user experience. > > X.509 is in extremely widespread use (can you say U.S. Federal Government), it's built into browsers and mail clients, there are modules to support it for Apache and other major web browsers, and there's infrastructure for generating and managing certificates. The problem is not with the technology, or its implementation. The problem is that key players don't want to adopt ANY open identity/authentication mechanism. Creating yet another technology or protocol won't change that. -- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
Received on Saturday, 1 June 2013 21:16:42 UTC