W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2013

Re: Webkeys, OpenID, WebID, OAuth etc..

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 22 Apr 2013 09:35:47 +0200
Cc: public-webpayments@w3.org, "public-rww@w3.org" <public-rww@w3.org>
Message-Id: <1EB5A755-30AB-47C2-92AD-70AC0E7A1CB8@bblfish.net>
To: Manu Sporny <msporny@digitalbazaar.com>

On 22 Apr 2013, at 05:27, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 04/21/2013 10:53 PM, Dave Longley wrote:
>> On 04/21/2013 05:26 PM, Henry Story wrote:
>>>> In other words, your false claim about a "very complicated 
>>>> non-decentralized protocol" is still rooted in your continued 
>>>> disinterest in understanding what we implemented.
>>> Can you find a mail where you publically explained how this 
>>> worked?
>> Yes, I can find those and so can you. Search the foaf-protocols
>> list, for instance.
> August 10th, 2010 - Dave Longley explains the JavaScript+Flash-based
> WebID+TLS protocol:
> http://lists.foaf-project.org/pipermail/foaf-protocols/2010-August/003249.html
> August 13th, 2010 - Henry Story responds to the thread:
> http://lists.foaf-project.org/pipermail/foaf-protocols/2010-August/003287.html

Good so I suppose with hindsight the idea of a Flash WebID+TLS 
protocol did not sound like such a good idea. As you see

> May 10th, 2011 - Dave Longley explains the JavaScript+Websockets-based
> WebID+TLS protocol:
> http://lists.foaf-project.org/pipermail/foaf-protocols/2011-May/004942.html
> There are at least 55 e-mails where Dave Longley took the time to
> explain the protocol publicly. You were involved in many of those
> conversations, but never did we get the impression that you were
> actually looking at or fully grasped the implementations:
> https://www.google.com/search?q=site%3Alists.foaf-project.org+longley
> In the end, we gave up on WebID specification because, after a year of
> us working on spec development and implementations, the community wasn't
> receptive to our concerns about the usability issues behind client-side
> certs. It was a deal-killer for us.

I never really saw a clear explanation of where the key material was to be
found, and how it was not going to end up centralised.

> Luckily, the Mozilla Persona team seems to be well on their way to
> solving the usability problem.
> We'd much rather work with a group that
> understands that solving the login on the Web problem starts with
> usability. It is our opinion that getting Linked Data and public key
> cryptography into Persona is going to be easier than trying to fix WebID
> at this point in time.

BrowserId - now mozilla persona - is indeed at some level quite compatible
with WebID. I studied that in more detail and wrote up a review here

At the point of writing that it still had centralisation issues, that they could only 
overcome by changing the browser. 

Also doing all this in JavaScript a Turing Complete language, when you can
do it all in an efficient TLS is of course really bad practice, and opens
a huge can of worms, if not a bathtub of them. 


> -- manu
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Meritora - Web payments commercial launch
> http://blog.meritora.com/launch/

Social Web Architect

Received on Monday, 22 April 2013 07:36:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:31 UTC