Re: future of Identity on the Web from Harry Halpin on 2011-10-26 (public-identity@w3.org from October 2011)

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 26 Oct 2011 21:04:18 +0100 (BST)
To: "Hannes Tschofenig" <hannes.tschofenig@gmx.net>
Cc: "Ben Adida" <ben@adida.net>, "Hannes Tschofenig" <hannes.tschofenig@gmx.net>, "Harry Halpin" <hhalpin@w3.org>, "Henry Story" <henry.story@bblfish.net>, "Dan Brickley" <danbri@danbri.org>, public-identity@w3.org, "Tim Berners-Lee" <timbl@w3.org>
Message-ID: <96ee1653c9f97b6f0e233262d97f3523.squirrel@webmail-mit.w3.org>

> Hi Ben,
>
> I let Harry clarify the scope of the work and what JavaScript API
> functionality he envisions to be standardized. His feedback may give us
> both some insight into what the relationship is to BrowserID, OAuth and
> any other yet-to-be invented identity management protocol.
>

Just to be clear, the scope does include standardizing JS APIs around
identity, including those that build off of cryptographic credentials.
These are related to APIs that Mozilla has proposed and used in BrowserID.

Just like WebID, BrowserID will be an important and valuable input to the
WG but similarly as it stands BrowserID is also still clearly
work-in-progress so it can not be standardized as it stands.

BrowserID proposes using APIs to attach credentials to identifiers for
session state and allowing access to that info via an API. Currently
cookies attached to verified emails are used in the examples in the
Session Description Protocol page [1], but there seemed to be desire at
the workshop to allow stronger cryptographic credentials and perhaps other
kinds of identifiers. I would consider that kind of API in scope, although
the details would require work.

[1] https://wiki.mozilla.org/Identity/Verified_Email_Protocol/Session_API

> Ciao
> Hannes
>
> On Oct 26, 2011, at 9:06 AM, Ben Adida wrote:
>
>> On 10/25/11 10:58 PM, Hannes Tschofenig wrote:
>>> This scope of the group is not about standardizing BrowserID as a
>>> solution to begin with.
>>
>> Hmmm, as I understand it, the scope does include standardizing JS APIs
>> along the lines of what BrowserID has proposed.
>>
>> If not, please do let me know, as that will call into question my
>> participation. I'm not interested in yet another open-ended discussion
>> about identity-in-the-browser. If W3C prefers that Mozilla go it alone
>> for a while longer, I'm happy to bring that back to our team and
>> consider a more go-it-alone approach for now (though of course we will
>> continue to do everything in the open.)
>>
>> -Ben
>>
>
>
>

Received on Wednesday, 26 October 2011 20:04:23 UTC