- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 29 Sep 2015 01:00:23 +0200
- To: Rigo Wenning <rigo@w3.org>
- Cc: Brad Hill <hillbrad@gmail.com>, Dave Longley <dlongley@digitalbazaar.com>, public-web-security@w3.org
- Message-ID: <CAKaEYhK9BBfy2QGOLm3Jrpk6K7YXm+8oWVLfoazEtaCYrh1aow@mail.gmail.com>
On 26 September 2015 at 12:33, Rigo Wenning <rigo@w3.org> wrote: > On Wednesday 23 September 2015 19:01:17 Brad Hill wrote: > > But here we are, in 2015, and Identity is still the White Whale of the > Web. > > This in itself is shows a really fundamental difference in the > understanding > of identity, its social functions and the expectations attached to it. > Having followed identity for 10 years, since Brad Fitzpatrick's pivotal work on OpenID, I would say it has been very hard to make any progress at all. What has been described as "schoolboy politics" seems to hinder progress in the consensus process. Typically this consists of a world view that cannot contemplate an inclusive approach and will actively work to censor that conversation. I have noticed that every time this topic has made progress, someone will jump in and try and shut it down. Most recently this occurred in the social web WG but it has been consistent over about a dozen efforts inside and outside the W3C. The technicals are much easier than the politics, provides that there is a willingness to follow existing web standards. It simply boils down to using URIs to name things. Something we all agree in principle, but never do in practice. It still is the white whale of the web, I really hope it's possible make more progress in the next 5 years than we have in the last. The way to do that is to allow the conversation to happen and be tolerant of other people's ideas. > > BTW, in a project we implemented the chaum credentials for age verification > and other anonymous credentials (with IBM, MS, SAP and others). People were > interested. There were IPR issues in the way. And the believe of many web > actors that knowing somebody's name, having a profile, having a "identity" > equals "trust" needed for ecommerce. So "browser makers" were not > interested > because it wasn't a mainstream thought. Arguing Zeitgeist doesn't mean the > Zeitgeist is right or that the Zeitgeist can't change. > > And only because the current browser makers believe that SOP is the only > way > to scope a credential or token doesn't mean it is really the only way. It > just > means that it is more difficult to get implementation if a viable solution > is > found. We had that for over 10 years with Microsoft pouting CSS, isn't it? > > So arguing a dichotomy isn't helping IMHO. But of course I hear your > warnings > about past mistakes and I still feel my own defeats in the EU electronic > signature circus where I failed to convince others that their HIGH security > requirements will not work with Web integration. What I want is a real > discussion and not just the throwing of drop-dead-arguments. > > --Rigo > >
Received on Monday, 28 September 2015 23:00:52 UTC