W3C home > Mailing lists > Public > public-identity@w3.org > October 2011

Re: future of Identity on the Web

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 26 Oct 2011 20:44:43 +0100 (BST)
Message-ID: <9a8ba26fa3a7a24adb9af852914031c7.squirrel@webmail-mit.w3.org>
To: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
Cc: "Ben Adida" <ben@adida.net>, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, "Harry Halpin" <hhalpin@w3.org>, "Henry Story" <henry.story@bblfish.net>, "Dan Brickley" <danbri@danbri.org>, public-identity@w3.org, "Tim Berners-Lee" <timbl@w3.org>
> Hi Ben,
>
> I hope you see that at least the title of the group is completely
> confusing for most people.

Could you suggest alternative titles? "Web Identity" was the name
suggested internally by the W3C. We could do "Web Cryptography". Do you
think work on identity APIs should not be in-scope Hannes?

>
> With regards to the scope of the group: I believe the different work items
> proposed in the charter text have a different level of maturity. Given my
> lack of understanding what some of the stuff is actually supposed to
> deliver it is hard to say how closely related these things are.
>

This is definitely true, and it seems the Crypto APIs are the most mature
although they will require substantial review as of course they are some
of the most tricky bits to get right. That is why the schedule has the
Crypto API moving first (allowing more time for review), and then the
Identity API and Sync work afterwards.

To be brief, the Identity API is simply supposed to allow developers to
access session-state (logged in, logged out, etc.) information and the
Sync is to allow these session-tokens and other credentials to be
transferred across devices. These were both heavily discussed at the
workshop and got second most votes after Crypto work.

> However, with your argument of time commitment one could as well suggest
> to merge half of the W3C groups since they somehow relate to each other.

I think the main argument for keeping them together would be that
historically lack of relationship to security expertise (and so
cryptographic credentials, acknowledging and fixing attack surfaces, etc.)
has been a weakness of the identity space. By keeping them together, we
bind together more closely work related to cryptographic security and
certain low-hanging API fruit for identity.

I apologize if that is not clear in the charter text, I will try to
manufacture some wording to respond to your earlier email. As other people
who were at the workshop might remember the discussion, please send sample
text to the list as well.

   cheers,
      harry

>
> Ciao
> Hannes
>
> On Oct 26, 2011, at 4:56 AM, Ben Adida wrote:
>
>>
>>>> I think we should coordinate now as these evolve. This is a
>>>> consequence of
>>>> your calling the other group the Web Identity group.
>>>
>>> I'm open to changing the name of the Working Group and splitting the
>>> group
>>> into two or more working groups.
>>
>> I would rather not see a split from the charter you've already defined
>> and started vetting. It's a big time commitment to participate in one
>> WG, let alone multiple.
>>
>> -Ben
>>
>
>
Received on Wednesday, 26 October 2011 19:44:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 26 October 2011 19:44:48 GMT