
Re: Position Paper for W3C Workshop on Identity

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 27 Apr 2011 15:57:19 +0200
Cc: public-xg-webid@w3.org
Message-Id: <88E523FD-F430-4D41-9031-180363413E07@bblfish.net>
To: Kingsley Idehen <kidehen@openlinksw.com>

Tightened up the OpenID section following your suggestion below and added you to the contributors.

https://github.com/bblfish/identity-ws-2011/commits/master


On 27 Apr 2011, at 13:38, Kingsley Idehen wrote:

> On 4/27/11 6:20 AM, Henry Story wrote:
>> Some more changes added to github and placed online here
>> 
>>    http://bblfish.net/tmp/2011/04/26/
>> 
>> This covers the last 5 changes from the changelist published here:
>> 
>>   https://github.com/bblfish/identity-ws-2011/commits/master
>> 
>> Henry
>> 
>> 
> Henry,
> 
> 3.2 Comparison to OpenID
> 
> OpenID reduces the account multiplication issue by allowing users to login to every site using the same global identifier. WebID was inspired by OpenID but improves it in a number of meaningful ways:
> 
> Protocol simplicity: the WebID protocol is a lot simpler, requiring only one more connection over and above the connection to the requested resource, where the result is cacheable. OpenID requires seven TLS connections, significantly more than WebID. These additional steps create opportunities for denial of service attacks, making it more difficult to secure and to debug.
> User-interaction simplicity: OpenID requires the user to remember and type an OpenID URL. WebID hides this in the X509 certificate allowing the browser to offer select-and-click interaction. This is very helpful anywhere, but especially on handheld devices.
> These protocol simplifications create a cascade of additional benefits. The most interesting is that by being completely compliant with Web Architecture the trust can be moved from the single Identity Provider to the Web of declared relations between agents, opening the space for much more flexible trust policies and choices by service providers, in line with how business actually gets done.
> 
> Nevertheless OpenID and WebID can work well. The OpenID profile can be the WebID Profile. For devices that have not implemented client-side certificates properly yet, OpenID can then be used for authentication.
> 
> 
> Why not:
> 
> 3.2 OpenID
> 
> OpenID reduces the account multiplication issue by allowing users to login to every site using the same global identifier. It works well with WebID and provides a base from which WebID is able to deliver the following benefits:
> 
> Protocol simplicity: the WebID protocol is a lot simpler, requiring only one more connection over and above the connection to the requested resource, where the result is cacheable. OpenID requires seven TLS connections, significantly more than WebID. These additional steps create opportunities for denial of service attacks, making it more difficult to secure and to debug.
> 
> User-interaction simplicity: OpenID requires the user to remember and type an OpenID URL. WebID hides this in the X509 certificate allowing the browser to offer select-and-click interaction. This is very helpful anywhere, but especially on handheld devices.
> 
> These protocol simplifications create a cascade of additional benefits. The most interesting is that by being completely compliant with Web Architecture the trust can be moved from the single Identity Provider to a federated Web of declared relations between agents, opening the space for much more flexible trust policies and choices by service providers, in line with how business actually gets done.
> 
> An OpenID profile can be a WebID Profile. For devices that have not implemented client-side certificates properly yet, OpenID can also serve as a fallback authentication mechanism.
> 
> Note: quick edit, so read through.
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen
> President & CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen

Social Web Architect
http://bblfish.net/
Received on Wednesday, 27 April 2011 13:57:54 GMT
