Re: Perceived issues with TLS Client Auth

On 26 September 2012 14:24, Henry Story <henry.story@bblfish.net> wrote:
> Here is how that would look if we were to imagine a user (me) using Google+.
>
> One day I go to google plus on my desktop browser and Google Plus entices me to
> "Use WebID and login securely across the web"
> I click on that banner, and pronto, a certificate is created and transferred to
> my browser. (ok perhaps you add an intermediate page with helpful explanations
> and cool demos)
>
> Next I am walking down the street with my Android. Google+ is clever enough to notice that my android does not have a certificate - it does a TLS request for a client certificate, but receives none - and so asks me
>  "Hi Henry, get a WebID certificate for your phone too"
> I click the banner and oops I have a certificate in Android.
>
> Once I have a certificate for a device, I can log into any web site that supports WebID in one click. I can also determine for any site how much information I wish to give that site about me - using access control on information at my profile. Something we need to work on still.

You seem to have missed out a step - how do these web sites know about
my new WebID?

Also, if I've been using WebID to log into google for some time, and
my Android phone is new, how do I get logged into G+ in order for
Google to notice that I do not have a cert?

Received on Wednesday, 26 September 2012 15:55:10 UTC