Re: Draft Web Identity Working Group Charter for Discussion

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 20 Oct 2011 13:12:15 +0200
Cc: Thomas Roessler <tlr@w3.org>, "Francisco Corella" <fcorella@pomcor.com>, "public-identity@w3.org" <public-identity@w3.org>
Message-Id: <91C2D357-F953-4887-B166-6267E0EC94CC@w3.org>
To: Harry Halpin <hhalpin@w3.org>

On 2011-10-19, at 21:08 +0200, Harry Halpin wrote:

> Yes, although note that we still have a Crypto API (likely based around
> DomCrypt work) in the charter. Therefore, the use of cryptographic
> credentials in a Crypto API and their relationship of this Crypto API to
> identity authentication and authorization is definitely within scope for
> the future WG.
> 
> However, any proposed solutions that require changes to the CA system (which
> many agree are needed at the workshop, but that's beyond the W3C) or
> changes to how certificates are currently generated are out-of-scope as
> decided by the workshop in our final session.

I think it's worthwhile to be careful with words here.

I'd probably say that replacing the CA system is a non-goal, and reinventing things like DANE (or other DNSSEC applications) is probably another non-goal.  Trust frameworks for certificates (think "CA/Browser forum guidelines for EV certificates") are probably out of scope.

I don't recall any particular discussion at the workshop about certificate *formats*.  A WG could plausibly build a design for certain identity assumptions based on a JSON-based certificate format; in that case, I'd hope they'd take a close look at the IETF JOSE WG (JSON signing).

A WG could also come up with some clever ideas based on self-signed certificates for some purposes; that, too, strikes me as plausibly in reach.

(Note that I'm trying to describe where I think plausible outer bounds might be; I'm not saying that the identity work resulting from these conversations should do any of these things.)

> We will announce any future workshops that more narrowly scope themselves
> to certificates and the CA system on this mailing list.

Received on Thursday, 20 October 2011 11:12:23 GMT