- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Mon, 28 Sep 2015 21:19:51 -0400
- To: Harry Halpin <hhalpin@w3.org>, Melvin Carvalho <melvincarvalho@gmail.com>, Rigo Wenning <rigo@w3.org>
- Cc: Brad Hill <hillbrad@gmail.com>, public-web-security@w3.org
On 09/28/2015 08:21 PM, Harry Halpin wrote: > > There is no disagreement on using URIs to name things (although URIs > clearly are not *actually* decentralized, as they rely on DNS and as > such ICANN). Just a quick note that URIs are just identifiers; they are only bound to particular networks via schemes, etc. Your statement is certainly true if we're talking about common HTTP(S) URIs. However, you could use other URIs for decentralized networks that don't have to rely on DNS, though sometimes they do as a bootstrapping mechanism. > > I believe there is a disagreement in terms of accessing the *same* > identifiers from a browser *per user* across the Web. For example, in > using client certificates and other X.509 infrastructure (and > uniquely identifying government eID schemes) without adaptation to > SOP. You could imagine, for example, access different identifiers > (add in an origin to a key derivation function) or even ZKPs > (proofs-of-possession) per user for authentication. Here's a link to a previous brief discussion on ZKPs and credentials that may be of interest to readers of this thread: https://lists.w3.org/Archives/Public/public-credentials/2015Jun/0015.html -- Dave Longley CTO Digital Bazaar, Inc.
Received on Tuesday, 29 September 2015 01:20:19 UTC