- From: Dominique Guardiola <dguardiola@quinode.fr>
- Date: Fri, 8 Apr 2011 15:25:51 +0200
- To: public-xg-webid@w3.org
Le 8 avr. 11 à 14:30, Mo McRoberts a écrit : > Somebody later gains access to my Facebook account, and adds their > own certificate's public key to my FOAF document. Now, they can log > in to everything I've used my WebID for previously, impersonating me. This has been already said, and OpenID has the same problem WebID goes further in allowing us to create more trust around universal authentication : - Semantic-enabled social networks are appearing everyday, add the ease of setup (just host a FOAF file) , this will spread the risk of having millions ID stolen. OpenID is hard to implement, WebID democratize universal authentication , making it easier than SMTP to deploy - If you have a critical application and allow people to use WedID, nothing prevents you to use more tools to know better who are your customers. A bank using WebID could ask for an email confirmation when detecting a change in the public key used (using a cache), ask a special question, define authorized computers using cookies ... But these are extensions/plugin that could be standardized later -- Dominique Guardiola, QUINODE • http://www.quinode.fr/ • Tel : 04.27.86.84.37 • Mob : 06.15.13.22.27
Received on Friday, 8 April 2011 14:33:15 UTC