W3C home > Mailing lists > Public > public-identity@w3.org > October 2011

Re: Draft Web Identithy Working Group Charter for Discussion

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 18 Oct 2011 22:29:47 +0200
Cc: public-identity@w3.org
Message-Id: <BCB2B906-6983-4B99-BFB8-6035FEB40645@bblfish.net>
To: "Harry Halpin" <hhalpin@w3.org>

On 18 Oct 2011, at 21:58, Harry Halpin wrote:

>> 
>> On 18 Oct 2011, at 21:05, Harry Halpin wrote:
>> 
>>>> sounds good, but why no mention of WebID?
>>>> 
>>>> Henry
>>> 
>>> At the workshop, it seemed people wanted to focus on API based work
>>> first
>>> such as the Crypto API, and certificates were discussed but thought of
>>> as
>>> out-of-scope for this future working group, although the W3C would be
>>> happy to see future work around certificates (everyone agrees current
>>> situation is a mess). The one idea that came up was a possible future
>>> workshop focused more narrowly on certificates.
>> 
>> The WebID working group is not a working group about certificates. It is
>> about tying
>> TLS/SSL to identity to the web using simple web architecture. The most
>> active list of all
>> the groups you have created recently is the WebId XG list. Few of us were
>> present in
>> California during your discussion. So perhaps you could take that into
>> account, and allow
>> us to have a discussion of how webid can tie into these other protocols.
>> We did not
>> look at that in the WebID XG simply in order to make sure we could deliver
>> something.
>> 
> 
> Currently the WebID work does depend critically on certificates, which is
> why I brought that option of another workshop up (as there's no
> non-certificate purely API-based option in your draft spec).

It does not depend critically on certificates Harry. Not any more than BrowserID does in any case. All that browserid is doing is creating JSON based certificates. As I argue int this comparison between BrowserId and WebID on stack exchange

http://security.stackexchange.com/questions/5406/what-are-the-main-advantages-and-disadvantages-of-webid-compared-to-browserid

there is not that much difference between those two protocols. If browser id decides to create a new JSON format certificate then that's ok with us. The only issue is that no browser implements that by default, which is why we did not look at that. If browser vendors are interested in developing other certificate formats, then that is also ok. But I don't see that this is a reason to exclude WebID, since we are developing experience in exactly that space.


> We are of course following the WebID's work

It does not seem that you are looking carefully enough Harry. 

> and look forward to your concrete suggestions that comes from any discussion on the WebID list,

Yes, we could participate here.

> although I would request that WebID-specific discussions stay on the WebID
> list and then your group gives the W3C a single list of requested changes
> to the charter, as discussions on this list should ideally focus on
> textual changes and scoping to the charter.

Ok. I will ask that group.

Henry

> 
> 
>> 
>> Henry
>> 
>>> 
>>>       cheers,
>>>          harry
>>> 
>>>> 
>>>> On 18 Oct 2011, at 19:53, Harry Halpin wrote:
>>>> 
>>>>> Everyone,
>>>>> 
>>>>> While its still not fully baked, we'd like to open the discussion on
>>>>> the
>>>>> list over this draft charter for a "Web Identity" Working Group:
>>>>> 
>>>>> http://www.w3.org/2011/08/webidentity-charter.html
>>>>> 
>>>>> Everything is fair game - I'm not quite comfortable even with the
>>>>> Working
>>>>> Group name. Also, there are issues of how we should scope this,
>>>>> whether
>>>>> or
>>>>> not we should split the work into two WGs (one for a Crypto API and
>>>>> another for a higher-level identity API and hooks for
>>>>> device/browser-aware
>>>>> authentication) or stick it in one WG - and of course relations to
>>>>> other
>>>>> standards bodies.
>>>>> 
>>>>> Also, if any of you are near Silicon Valley we can discuss this in
>>>>> person
>>>>> at the W3C Technical Plenary on Nov 1st. I'll send that email out in
>>>>> one
>>>>> sec..
>>>>> 
>>>>> And if anyone is at Internet Identity Workshop I'm here to discuss the
>>>>> charter.
>>>>> 
>>>>> cheers,
>>>>>      harry
>>>>> 
>>>>> 
>>>> 
>>>> Social Web Architect
>>>> http://bblfish.net/
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 18 October 2011 20:30:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 18 October 2011 20:30:20 GMT