
Re: future of Identity on the Web

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 25 Oct 2011 12:02:32 +0200
Cc: Halpin Harry <hhalpin@w3.org>, WebID Incubator Group WG <public-xg-webid@w3.org>, public-identity@w3.org, Ben Adida <ben@adida.net>, Tim Berners-Lee <timbl@w3.org>
Message-Id: <DF0B4E05-857B-4644-94B6-B7C98CD0FE17@bblfish.net>
To: Dan Brickley <danbri@danbri.org>
Thanks Dan for your grumble mode. 

grumble 1: "in development"

  Yes it is true both WebID (aka foaf+ssl) and BrowserId are in development. 

If there is a difference it is in the depth of development required by each technology. WebID set out to use existing technologies that can be deployed in a distributed way, by inventing as little as possible. BrowserId on the other hand requires changes to the browser - welcome changes btw - to be able to work in a distributed fashion. (Their demos now must rely on a central identity provider.)

grumble 2: The WebID XG to finish up its draft spec

I completely agree we need to get the spec finished. We have been developing test suites for WebID and I see that the Identity in the Browser spec correctly puts test suites in their charter as an important element.

    http://www.w3.org/2011/08/webidentity-charter.html

We do have a lot of open issues, which we are now in the process of reviewing. I would welcome someone to help me organise this review process so that we can get something that can be published as a Technical Report. 

   Henry


On 25 Oct 2011, at 10:20, Dan Brickley wrote:

> On 25 October 2011 08:35, Henry Story <henry.story@bblfish.net> wrote:
>> Dear Web Identity Groups,
>> 
>> Since both the community forming around the Web Identity javascript cryptography work [1] and the WebID XG are working in the same space, I propose that the two groups work out how these projects can complement each other, so that the W3C can tell a unified identity story. There is a lot in common between them - usage of cryptography in the browser and certificates to prove identity online - and it seems quite clear to me that both the existing WebID solution [2] and the in development version known as BrowserId can complement each other, in fact should as much as possible do so. This could then form the basis for a future WG starting 2012, split hopefully into a number of small independent and closely interrelated parts.
> 
> // Grumble mode on.
> 
> Henry,
> Re "...clear to me that both the existing WebID solution and the in
> development version known as BrowserId", my understanding was that
> WebID is also still "in development" (aka incubation, spec-drafting
> etc.). It may well be older than BrowserID; but then so is OpenID.
> Having taken a long time to not be finished yet or broadly deployed is
> not in itself a badge of honour! (cf. FOAF!). This whole field is
> still, after all this time, "in development". I do see a fairly
> detailed *editor's* draft at
> http://www.w3.org/2005/Incubator/webid/spec/ but no link to the
> group's issue tracker (e.g.
> http://www.w3.org/2005/Incubator/webid/track/issues/raised ) nor clear
> indication of any schedule for getting these ideas recorded in a
> stable snapshot on W3C's Technical Reports page. One of the downsides
> of the (otherwise wonderful) trend for W3C to work in public has been
> a drift towards groups using volatile Editor's drafts rather than
> publishing clearly versioned http://www.w3.org/TR/ Working Drafts for
> review by the wider Web community. Until this has happened,
> development as a Web standard can't be said to have been completed. In
> some eyes, it has barely started without a first public Working Draft.
> 
> Harry,
> It seems at some point W3C team's analysis here -- or yours, at least
> -- led to your switching affections from "something like WebID" to
> "something like BrowserId". Despite there having been previous
> detailed team-confidential tech reviews of WebID, and talk of taking
> it WG track, there was no acknowledgement at all of this work in
> http://www.w3.org/2011/08/webidentity-charter.html ... even as
> liaison. Your explanation in
> http://lists.w3.org/Archives/Public/public-identity/2011Oct/0003.html
> "At the workshop, it seemed people wanted to focus on API based work
> first such as the Crypto API, and certificates were discussed but
> thought of as out-of-scope for this future working group" ...is
> phrased in disappointingly passive language for a decision that was,
> ultimately, yours to make (need more active verbs --- *who* thought
> what?). The fact that there was already a WebID incubator does not
> guarantee that community an on-ramp to W3C's standards track; review
> of the incubator's draft spec is a critical step there which we seem
> to be skipping. But it should ensure acknowledgement of those efforts
> while writing related charters. Instead, I read only anecdotal and
> vague reports from 'workshop discussions'.
> In just over a year, we've gone from your actively pursuing the
> FOAF+SSL/WebID group (e.g.
> http://lists.foaf-project.org/pipermail/foaf-protocols/2010-July/002693.html
> ) to pretty much ignoring their existence while drafting charters for
> obviously quite related work. This makes the W3C Team look rather
> fickle, as if picking a winner that can be brought in under W3C's
> brand was the central activity here, rather than a means to an end -
> i.e. improving the Web. In July last year, you wrote:
> 
>> People should not divide into two camps (or three, or four), but unify
>> over the overriding ethical principle for a distributed private id-aware
>> social web, and then keep that in mind when discussing the architecture.
> 
> I'm sure the draft charter you circulated was put together under great
> time pressure and other constraints, but encourage you to think a little
> more generously about the message it sends to others who have worked
> hard and in good faith over the last few years to improve identity in
> the browser, and who went to the trouble of moving their efforts to
> W3C on your specific urging.
> 
> How did we go from
> http://lists.foaf-project.org/pipermail/foaf-protocols/2010-July/002653.html
> 
>> Then, with the help of a member of the Team like myself, a
>> charter can be drawn up for a proposed Working Group, making sure the
>> OpenID community and W3C Membership is involved. So, let's work together
>> to make this happen!
> 
> ...to your curtly and frostily asking that the WebID group stays in
> its own camp and supply only diff requests on the new group's charter:
> 
> http://lists.w3.org/Archives/Public/public-identity/2011Oct/0006.html
>> We are of course following the WebID's work and look forward to your
>> concrete suggestions that come from any discussion on the WebID list,
>> although I would request that WebID-specific discussions stay on the WebID
>> list and then your group gives the W3C a single list of requested changes
>> to the charter, as discussions on this list should ideally focus on
>> textual changes and scoping to the charter.
> 
> This all paints an unfortunate picture of W3C staff flailing around
> trying to pick a winner and get it W3C-branded ASAP. Would BrowserId
> suffer a similar fate if --for fictional example-- say OpenID Connect
> were offered to W3C for standardization tomorrow? If W3C is to be a
> natural home for several complementary efforts, then their
> interdependencies and relationships are surely deserving of more staff
> time and thought than they appear now (from the outside) to be
> getting. If you don't have the time of day to think such things
> through, please convey to W3M that you need that time. Doubtless there
> has been much internal discussion; last time I saw stats, W3C's
> team-only archives received more team mail than those on the outside.
> But from the outside, this casual brush-off does not make W3C
> incubation and community spec development look an attractive prospect
> for new efforts.
> 
> Henry,
> In http://lists.w3.org/Archives/Public/public-identity/2011Oct/0017.html
> you comment that "WebID which is a working group and even has a spec".
> As I mentioned in IRC, this might be colloquially true, however in W3C
> convention, an Incubator Group (or Community Group, or Interest Group)
> is quite a different creature from a full (let's capitalise it)
> Working Group. A "Working Group" is a sign of wider endorsement of the
> effort within W3C; specifically, that something has been endorsed as a
> useful area to charter work under by the W3C Advisory Committee.
> Further, as I mention above, an Editor's Draft is pretty much just a
> random Web page until it goes through the process of being published
> at W3C as a Technical Report under http://www.w3.org/TR/. This magic
> ritual does still have a concrete purpose --- it signifies to a very
> wide public that a piece of work has been polished and progressed to a
> stage at which it deserves review from Web technologists across the
> globe. While WebID has received significant review already, it is
> critically important that you get this Working Draft out there; there
> is a much larger public waiting to read it. Many of those readers
> don't live and breathe this stuff, or read English as their first
> language, but if they see that W3C has gone to the trouble of
> publishing the work in /TR/, they'll go to the trouble of reading it.
> This needs to happen regardless of how any new group is chartered...
> 
> OK, grumbling over. Keep up the good stuff...
> 
> Dan
> 
> 
>>   Henry
>> 
>> 
>> [1] http://www.w3.org/2011/08/webidentity-charter.html
>> [2] http://webid.info/spec/
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 25 October 2011 10:03:13 GMT
