Re: WebID questions -- was: [dane] Call for Adoption: "Using Secure DNS to Associate Certificates with Domain Names For S/MIME"

On 27 September 2012 09:31, Henry Story <henry.story@bblfish.net> wrote:
>
> On 27 Sep 2012, at 09:57, Ben Laurie <benl@google.com> wrote:
>
>> On 26 September 2012 13:50, Henry Story <henry.story@bblfish.net> wrote:
>>> On 26 Sep 2012, at 13:59, Ben Laurie <benl@google.com> wrote:
>>>> The easy interface works well only if you are happy with a small
>>>> number of identities - i.e. linkability across almost everything.
>>>> Also, note that this kind of thing was tried with Microsoft's
>>>> InfoCards and also with OpenID. It didn't go so well.
>>>
>>> Microsoft's InfoCards were a centralised solution, I believe. Here we are using only open web standards: HTTP, TLS, RDF, Linked Data, which allows everybody - individuals as well as large institutions - to participate. We are not excluding anyone here.
>>
>> No, infocards were decentralised.
>
> And they permitted a distributed web of trust? I really doubt they had the tools to work with that, in part because it requires open standards such as those behind LinkedData (HTTP+RDF) for it to make sense.
>
>> But that's really not the point -
>> the point was that they involved similar choices amongst a large
>> number of possibilities, and it turned out to be hard to use.
>
> It cannot have been a similar choice among this number of possibilities. They did not have LinkedData (that meme only really appeared in 2006 or so, and has been growing slowly and steadily since then; see for example Tim's 2009 TED Talk http://www.ted.com/talks/tim_berners_lee_on_the_next_web.html ).
>
> Think about this: if you are from Google - a company whose life is based on the Web, was built on the Web, and whose core algorithm is based on the linking of pages - but who is still largely new to LinkedData, you can imagine that Microsoft, a much older company with a lot more legacy, is going to be much slower in embracing such a change (though huge leaps have been known to happen). Also remember they were taken in by the SOAP bubble.
>
>> OpenID has a similar problem (it's what they call the Nascar problem).
>
> We can get rid of the Nascar problem easily. I think someone may already have implemented an initial example of that using WebID... You just write a server that does the following when someone clicks the one and only login link on the page.
>
> The server requests the client certificate (asynchronously is best, as in here https://github.com/bblfish/Play20 )
>
>  IF the user selects a certificate and returns it

This is the point at which the Nascar problem occurs: selecting the certificate.

>     The server, on receiving the certificate, does one of the following:
>       a. the certificate is CA signed and trusted: follow the usual procedure
>          (though if there is a WebID, you can get extra information that would
>          otherwise be difficult to put in a cert)
>       b. the certificate does not have a CA known to the server and no WebID:
>          use the public key as a temporary identifier, but suggest linking that
>          public key to a number of other identification schemes - you're in
>          NASCAR land - but also suggest to the user to get a WebID
>       c. the certificate does not have a CA known to the server and a WebID:
>          do WebID identification.
>   Else
>        do the usual Nascar stuff
>
> In a, b above you have a WebID, so you can replace the Nascar box by a linking verification process, and you can reduce the immediately visible options by using the information from the WebID profile, using the foaf:holdsAccount relations found in the foaf file: e.g. no need to suggest Facebook login - as a first option - if the user does not declare in his profile that he has an account there.
>
> The above is a back of the envelope sketch of how to do things. Of course with a team of good designers you'd develop that carefully and do usability tests.
>
>
>        Henry
>
>
> Social Web Architect
> http://bblfish.net/
>

Received on Thursday, 27 September 2012 08:39:04 UTC
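The branching sketched in the quoted message, written out as an added Python model. This is not code from the thread, from Henry's Play20 server or from any WebID library; the certificate fields, the trust store, the provider list, the inline profile data and every function name (`login_decision`, `verify_webid`, `providers_for`, `fetch_profile`) are this example's own constructed assumptions. A real deployment would dereference the WebID over HTTP and read `cert:modulus`, `cert:exponent` and `foaf:holdsAccount` out of the RDF; here that lookup is a dictionary so the model runs offline. The example also decides what happens when a certificate names a WebID whose profile does not list its key, a case the sketch leaves open: it is treated as branch b, where the key is no more than a temporary identifier.

```python
"""Model of the one-login-link flow: sort a presented TLS client certificate
into branches a / b / c / else and reorder the identity-provider ("Nascar")
menu by the accounts the WebID profile declares. Everything is constructed."""
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ClientCert:
    subject: str       # subject DN
    issuer: str        # issuer DN (same as subject for a self-signed cert)
    san_uris: tuple    # subjectAltName URI entries; WebID-TLS carries the WebID here
    modulus: int       # RSA public key modulus
    exponent: int      # RSA public exponent


TRUSTED_ISSUERS = {"CN=Constructed Trusted CA"}   # constructed trust store

PROVIDERS = {                                      # constructed Nascar menu
    "Facebook": "https://facebook.example/",
    "Google": "https://google.example/",
    "Twitter": "https://twitter.example/",
}

# Constructed stand-in for dereferencing a WebID profile document, keyed by
# WebID: the public keys it lists and the foaf:holdsAccount links it declares.
PROFILES = {
    "https://alice.example/card#me": {
        "keys": {(0xC0FFEE1234567, 65537)},
        "accounts": ["https://twitter.example/alice"],
    },
}


def fetch_profile(webid: str) -> Optional[dict]:
    """Hypothetical profile fetch; a real one would GET the WebID and parse RDF."""
    return PROFILES.get(webid)


def webids_in(cert: ClientCert) -> list:
    """Candidate WebIDs are the HTTP(S) URIs in the subjectAltName."""
    return [u for u in cert.san_uris if u.startswith(("http://", "https://"))]


def verify_webid(cert: ClientCert, webid: str, fetch=fetch_profile) -> bool:
    """WebID-TLS check: the profile must list the certificate's public key."""
    profile = fetch(webid)
    return profile is not None and (cert.modulus, cert.exponent) in profile["keys"]


def key_fingerprint(cert: ClientCert) -> str:
    """Temporary identifier for branch b, derived from the public key alone."""
    n = cert.modulus.to_bytes((cert.modulus.bit_length() + 7) // 8, "big")
    e = cert.exponent.to_bytes(4, "big")
    return "key:" + hashlib.sha256(n + e).hexdigest()[:16]


def providers_for(profile: Optional[dict]) -> list:
    """Providers where the profile declares an account come first; the rest follow."""
    names = sorted(PROVIDERS)
    if profile is None:
        return names
    accounts = profile.get("accounts", [])
    declared = [p for p in names if any(a.startswith(PROVIDERS[p]) for a in accounts)]
    return declared + [p for p in names if p not in declared]


def login_decision(cert: Optional[ClientCert],
                   fetch=fetch_profile) -> Tuple[str, Optional[str], list, bool]:
    """Return (branch, identity, provider menu, suggest getting a WebID)."""
    if cert is None:                       # user declined to present a certificate
        return "else", None, providers_for(None), False
    verified = next((w for w in webids_in(cert) if verify_webid(cert, w, fetch)), None)
    profile = fetch(verified) if verified else None
    if cert.issuer in TRUSTED_ISSUERS:     # branch a: usual CA procedure, WebID is a bonus
        return "a", cert.subject, providers_for(profile), False
    if verified:                           # branch c: WebID identification succeeded
        return "c", verified, providers_for(profile), False
    # Branch b (assumption: an unverifiable WebID counts as no WebID).
    return "b", key_fingerprint(cert), providers_for(None), True
```

Only branch c and a verified WebID in branch a narrow the menu; an unverified key never influences which providers are shown, so a forged subjectAltName cannot steer the user towards a particular provider.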