Re: WPWG On NOT abandoning the CG specs (was Re: Update on Web Payments Working Group) from Kingsley Idehen on 2016-09-29 (public-webpayments@w3.org from September 2016)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 29 Sep 2016 09:54:17 -0400
To: public-webpayments@w3.org
Message-ID: <08731a44-e5ab-0d79-b63b-005b7cd86c60@openlinksw.com>
On 9/28/16 3:03 PM, Anders Rundgren wrote:
> On 2016-09-28 19:33, Melvin Carvalho wrote:
>>
>>
>> On 28 September 2016 at 18:37, Anders Rundgren
>> <anders.rundgren.net@gmail.com
>> <mailto:anders.rundgren.net@gmail.com>> wrote:
>>
>>     On 2016-09-28 15:05, Timothy Holborn wrote:
>>
>>         I often wonder where the strategic differentiation is in design
>>
>>     > philosophy that results in heavy browser reliance vs. 'cloud'
>>     > alternatives that leave perhaps different MVP requirements for
>> browsers.
>>
>>    
>> https://image-store.slidesharecdn.com/784bf26c-4ea7-4383-b89f-b92777167bb7-large.jpeg
>> <https://image-store.slidesharecdn.com/784bf26c-4ea7-4383-b89f-b92777167bb7-large.jpeg>
>>
>>
>>         What ever happened to <keygen> why was it bad?
>>
>>
>>     This is something I have a stake in since I proposed that it
>> should be removed
>>     from HTML5 back in 2009 for the simple reason that a 2-week
>> student hack, missing
>>     support for basic stuff like PIN-codes, isn't usable by banks and
>> governments.
>>
>>     That proposal didn't make me overly popular :-(
>>
>>     When Google much later suggested the same but from another angle,
>> everybody
>>     cheered and said "let's squash this dated piece of crap". 
>> Replacing <keygen>
>>     with something more 201X-ish wasn't on the menu.
>>
>>     However, both Microsoft and Google have "enterprise solutions"
>> for the US
>>     government et al to keep the (from their perspective) only real
>> market intact.
>>     https://developer.chrome.com/extensions/enterprise_platformKeys
>> <https://developer.chrome.com/extensions/enterprise_platformKeys>
>>
>>         Or WebID-TLS UX support - too expensive?
>>
>>
>>     The USG have no UX problems since their users only have 0-2
>> certificates.
>>
>>     The problem according to TAG is that client certificates
>> potentially expose
>>     static IDs to parties that shouldn't have it.  If you rather hand
>> out static IDs
>>     through an IdP (Identity Provider) like Google, everything is
>> just fine :-)
>>
>>
>> But in this scenario, it also provides google with a back door into
>> your system,
> > as well as tracking each time you log in.  Im not saying that's
> necessarily a
> > bad trade off, in all cases, but removal of choice is clearly bad
> for end users.
>
> Agreed.  However, client certificates on the Web may be fully
> "resurrected"
> but very unlikely in the way the WebID-TLS community have specified it.
>
> A

Hi Anders,

Your statement is accurate in situations where WebID+TLS is in use
without delegation. Not so when using WebID+TLS+Delegation.

Why?

Using relationship type semantics to describe the fact that a piece of
software (agent of type: Machine) acts on-behalf-of some other
human-user (agent of type: Person) negates the UI/UX hurdle in browsers
that afflicts basic WebID+TLS.  Basically, you don't have to restart
your browser to change WebIDs.

The only issue is that you will need a browser extension that adds this
functionality to browsers [1][2] . Also note that vendors are coalescing
around a common extensions API with Safari as the only current hold-out.
We even have Edge working with this extension in its most recent beta
edition.

Links:

[1]
https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73#.bmu5t98hk
[2] http://osds.openlinksw.com
[3]
https://chrome.google.com/webstore/detail/openlink-structured-data/egdaiaihbdoiibopledjahjaihbmjhdj?hl=en 
-- Works with Chrome, Opera, and Vivaldi
[4]
https://addons.mozilla.org/en-US/firefox/addon/openlink-structured-data-sniff/
-- Firefox

-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Weblogs (Blogs):
Legacy Blog: http://www.openlinksw.com/blog/~kidehen/
Blogspot Blog: http://kidehen.blogspot.com
Medium Blog: https://medium.com/@kidehen

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/dataspace/person/kidehen#this
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 29 September 2016 13:54:40 UTC