- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 22 Oct 2012 14:32:24 +0200
- To: Kingsley Idehen <kidehen@openlinksw.com>
- CC: Ben Laurie <benl@google.com>, nathan@webr3.org, Henry Story <henry.story@bblfish.net>, Ben Laurie <ben@links.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>, "saag@ietf.org" <saag@ietf.org>, Melvin Carvalho <melvincarvalho@gmail.com>
On 10/22/2012 02:03 PM, Kingsley Idehen wrote: > On 10/22/12 7:26 AM, Ben Laurie wrote: >> On 22 October 2012 11:59, Kingsley Idehen <kidehen@openlinksw.com> >> wrote: >>> On 10/22/12 5:54 AM, Ben Laurie wrote: >>>> Where we came in was me pointing out that if you disconnect your >>>> identities by using multiple WebIDs, then you have a UI problem, and >>>> since then the aim seems to have been to persuade us that multiple >>>> WebIDs are not needed. >>> Multiple WebIDs (or any other cryptographically verifiable >>> identifier) are a >>> must. >>> >>> The issue of UI is inherently subjective. It can't be used to >>> objectively >>> validate or invalidate Web-scale verifiable identifier systems such as >>> WebID or any other mechanism aimed at achieving the same goals. >> Ultimately what matters is: do users use it correctly? This can be >> tested :-) >> >> Note that it is necessary to test the cases where the website is evil, >> too - something that's often conveniently missed out of user testing. >> For example, its pretty obvious that OpenID fails horribly in this >> case, so it tends not to get tested. > > Okay. >> >>> Anyway, Henry, I, and a few others from the WebID IG (hopefully) >>> are going >>> to knock up some demonstrations to show how this perceived UI/UX >>> inconvenience can be addressed. >> Cool. > > Okay, ball is in our court to now present a few implementations that > address the UI/UX concerns. > > Quite relieved to have finally reached this point :-) No, its not a UI/UX concern, although the UI experience of both identity on the Web and with WebID in particular is quite terrible, I agree. My earlier concern was an information flow concern that causes the issue with linkability, which WebID shares to a large extent with other server-side information-flow. As stated earlier, as long as you trust the browser, BrowserID does ameliorate this. There is also this rather odd conflation of "linkability" of URIs with hypertext and URI-enabled Semantic Web data" and linkability as a privacy concern. I do think many people agree stronger cryptographic credentials for authentication are a good thing, and BrowserID is based on this and OpenID Connect has (albeit not often used) options in this space. I would again, please suggest that the WebID community take on board comments in a polite manner and not cc mailing lists. > > >
Received on Monday, 22 October 2012 12:32:57 UTC