W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: WebID security picture

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 8 Apr 2011 16:28:12 +0200
Cc: WebID XG <public-xg-webid@w3.org>
Message-Id: <EE28C382-ED78-4009-8CFE-B7EA8C4C9B9C@bblfish.net>
To: Mo McRoberts <Mo.McRoberts@bbc.co.uk>

On 8 Apr 2011, at 16:04, Mo McRoberts wrote:

> 
>> What use is it if some parts of the document are signed, but all the rest is something that could be changed by the "unreliable host"? That host after all could just not serve the profile at all. Or it could add lots of links to porno images, or just be constantly lying about you, or worse lie about you on a few occasions.
> 
> Because for WebID as a _login mechanism_, many applications don't need to care about the vast majority of the content of a FOAF document, only the parts relating to the key you've used...
> 
>> I think it is much simpler: if you don't trust the host, don't publish there. Don't give your WebID to people with a URL of a host you don't trust. It will be very bad for your reputation.
> 
> How does my grandmother decide which hosts she 'trusts'?

How does you grandmother decide which doctor she trusts, which computer she should buy, which man she married? How does your grandma decide which chainsaw to use? My mom, who is multiple times a grandmother, had no trouble with any of those as shown by the following pictures of her chainsawing a lion taken with her camera and it could have been edited on her computer

   http://www.flickr.com/photos/bblfish/sets/72157626199366737/

All of life revolves around trust and social networks.

WebID helps tie web security it into the  system already living in the browser. It requires a trustworthy server. There are plenty of those around. The WebID itself is important because it ties crypto into the web, another very successful platform. 

Henry
Received on Friday, 8 April 2011 14:28:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC