- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 03 Mar 2012 15:20:13 -0500
- To: public-webpayments@w3.org
On 02/23/2012 08:00 AM, Kingsley Idehen wrote: >> We are not going to support the first, at least, not in the near >> future. This is due to lack of good browser support - the UX is >> fairly terrible across all the browsers. > > Yes, but as you know, we can't control the browsers. Thus, why not > simply have WebID as an authentication option. Let's not throw baby > out with the bathwater here :-) An in-browser WebID authentication option is not something we want to pursue /because/ we can't control the browsers. They don't seem to have any interest in making the client-side certificate mechanism any simpler. It's a bad login experience and that's not going to change in the next two years, IMO. >> Our company had proposed a non-native mechanism for browser-based >> WebID[1], but the WebID community decided to not take that route. >> WebID does not have any champions inside of the browser vendors. >> Additionally, BrowserID has been proposed in its place with >> significant backing by Mozilla[2]. > > But we have to play the options game, at least initially. The market > will choose winners. You guys know enough about WebID to make it an > option. Ditto BrowserID. No, options are bad when it comes to having a simple login experience. We are building a product for people that may not be technically savvy, so providing them with anything that is not a simple experience is off of the table. WebID browser-based login is a bad UI experience. > I ensure all our solutions support WebID, BrowserID, WebID+OpenID, > OpenID, Digest Authentication etc.. I encourage you to do the same en > route to maximizing the payswarm early adopter pool. We will only support login mechanisms that seem like they have strong browser backing, or have a good UX. WebID has neither at the moment. We may support BrowserID and regular login in the next two years.... we will support WebID if the WebID community figures out how to make it have a good UX. >> The second was using something like WebID for cross-site >> authentication, and that's where the Web Keys[3] spec comes in. >> Note that the demo we released has the concept of an identity: >> >> https://dev.payswarm.com/i/manu > > That IRI isn't a Web scale identifier that provides a conduit to a > profile graph etc.. Why isn't it? Are you saying that because it doesn't have RDFa in the page yet? If so, we plan to publish as much RDFa data as possible, including links to public keys, etc. > The goal (as you know) has to be natural integration of this system > into the larger Web. A IRI that resolves to a profile graph is > essential for achieving that goal. Remember, WebID is just about a > solution that leverages URIs, PKI, and Linked Data for verifiable > identity, in line with AWWW. We do intend to publish profile graphs at all identity IRIs for PaySwarm. This requirement will probably be a part of the Web Keys spec. > As someone that's implemented BrowserID, WebID, OpenID, OAuth etc.. > being agnostic is the only option for a dexterous system. The UX > story isn't the key story though, it will always be about platform > agnostic data access, representation, and integration. The UX is > ultimately going to be incidental as UX itself is still driven by > data :-) Yes, ultimately. However, we're launching a commercial product for non-technical people and thus have certain usability requirements that are just not met with WebID or OpenID at present. BrowserID is a better bet for us at the moment, especially if they figure out how to publish a profile graph via BrowserID. In fact, if they do that, that would effectively kill of WebID, IMHO. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny) President/CEO - Digital Bazaar, Inc. blog: PaySwarm Website for Developers Launched http://digitalbazaar.com/2012/02/22/new-payswarm-alpha/
Received on Saturday, 3 March 2012 20:20:38 UTC