Re: the openid para

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 28 Apr 2011 12:20:16 -0400
Message-ID: <4DB993C0.9080504@openlinksw.com>
To: public-xg-webid@w3.org
On 4/28/11 11:43 AM, peter williams wrote:
>
> It's time to get off the keygen hobbyhorse, and solve this for grandma. 
> Why are we using keygen from 1995, when we don’t use HTML (now having 
> proper DOM controls?)
>
> The reason folks in the microsoft universe don’t bother arguing about 
> keygen (just ignoring it for a decade) is that it’s pointless – endless 
> rhetoric and posturing by vendors and their proxies.  But, using the 
> object tag, the very same control that IE uses to do keygen-equivalent 
> also allows browsers to talk to a web service or a messaging interface, that 
> does FULL lifecycle management of certs/keys. It will quite happily 
> re-mint your own and your machine’s cert(s) daily, without you even 
> blinking - assuming it’s in a directory managed PC environment. Making 
> it work in the web is a matter of will power, and vendor cooperation 
> (so Mozilla can improve its MS support, too).
>
> If the id conference did anything, it would move past almost 15 years 
> of bickering about keygen – and let the web catch up with what the 
> enterprise space has done with browsers for almost a decade.
>
> As we discussed on another thread, the world of enterprise LAN is 
> starting to creep into the web - providing more value add than the 
> basic document paradigm. We just must not sound like the folks who 
> objected to mosaic, wanting lynx to rule the waves. The web may boot 
> using scripts, but it’s not limited to them.
>
> Now RDF and certs have something in common - there are legions of 
> folks trained to whine, to simply stop them happening. They threaten 
> (change). But, over time, folks catch up. I doubt RDF is a threat to 
> Microsoft product managers anymore, being a minor shift from where 
> they are. It just requires consensus now (unlike a decade ago). It’s 
> just a different serializer for metadata libraries that are just as 
> sophisticated as the stuff from HP in Bristol, UK.
>
> Myopenid could do webid tomorrow, it’s that easy for them. They already 
> support client certs! They could thus "bridge" webid to openid.
>
> The implementor of starterSTS <http://startersts.codeplex.com/> can 
> easily bridge openid to ws-fedp.
>
> Though Microsoft’s ACS v2 NOW does OAUTH, Facebook Apps, Yahoo and 
> live to ws-fed bridging it doesn’t (obviously) allow just any old 
> wordpress openid OP to do the same. It would allow the ws-fedp from 
> starterSTS to bridge in, though, indirectly allowing wordpress sites 
> to talk to the rest of the Microsoft universe. If there are any java 
> EE STS out there left, it will talk to them, too, using older protocol 
> versions.
>
> So just imagine – a world, taking 2 days or less, in which
>
> Webid logs on to myopenid, which asserts to starterSTS that re-asserts 
> to ACS, that talks to any Microsoft powered websso site ( in addition 
> to all the places that myopenid talks natively, and all the million 
> sites that can process certs, and do foaf validation callbacks on a 
> server).
>
> Now, this is the multi-culturalism I want to promote – to engender 
> adoption. Nothing about such cooperation diminishes one’s own unique 
> slice on life – here being a friending model that is like facebook but 
> rather more open and MUCH less controlling. In fact, such practices 
> help show the differences - allowing sites with n library choices now 
> to pick the one that is BEST for their kind of web app. So long as 
> that local choice adds some local value, and doesn’t diminish global 
> interoperability, it all works.
>
> There is a moment to be seized and it will be lost within the month, 
> if not taken.
>

+1000

And it won't be lost :-)

Kingsley
>
> -----Original Message-----
> From: public-xg-webid-request@w3.org 
> [mailto:public-xg-webid-request@w3.org] On Behalf Of Nathan
> Sent: Thursday, April 28, 2011 6:18 AM
> To: Dan Brickley
> Cc: peter williams; public-xg-webid@w3.org
> Subject: Re: the openid para
>
> Dan Brickley wrote:
> > On 28 April 2011 04:50, peter williams <home_pw@msn.com> wrote:
> >> "OpenID reduces the account multiplication issue by allowing users to
> >> login to every site using the same global identifier. This provides a
> >> base from which WebId can be deployed, procuring the following
> >> extra advantages:
> >> Protocol simplicity: the WebID protocol is a lot simpler, requiring
> >> only one more connection over and above the connection to the
> >> requested resource, where the result is cacheable. OpenID requires
> >> seven TLS connections, significantly more than WebID. These
> >> additional steps create opportunities for denial of service attacks,
> >> making it more difficult to secure and to debug."
> >>
> >> I think we are still learning to make effective pitches. The above,
> >> for example, now submitted, sounds somewhat catty. If my sales team
> >> used that tone about our competition, I'd consider him jaded and
> >> time for retirement.
> >
> > I have to agree.
>
> +1
>
> > Last thing we need is a retread of the unfortunate tribalism that was
> > 'microformats versus Upper Case Semantic Web'.
>
> definitely, that vs mentality is possibly one of the biggest blockers 
> to adoption.
>
> > WebID stands on its strengths. And in some cases, being able to fall
> > back to OpenID (eg. from the certless cybercafe PC scenario) is more
> > appealing than messing around using a password to install (and then
> > remove) a transient WebID cert on an unknown PC.
>
> This is probably our biggest issue, we need to do something about that 
> fast, cert management is a huge PITA - my cert expired last week, I 
> use it for loads of things (use the keys from it for github, w3c cvs, 
> my own svn stuff, dav servers etc) this thing expiring is a really big 
> problem at the minute, and the levels of pain it's going to take to 
> re-issue the cert with the same keys is not something my mum could 
> manage.
>
> > From the point of view of the more descriptively-oriented FOAF work,
> > multi-protocol is not just unavoidable, but essential. Protocols are
> > the papertrail that let us move from RDF triples to RDF quads, to keep
> > track of who-said-what and to then be able to query them usefully in
> > SPARQL or even reason about them. There is a level of abstraction
>
> missing, a level of abstraction is missing at the minute. Needs focus.
>
> > While WebID and digital signature (PGP or otherwise) are key tools
> > there, so are custom REST APIs, XMPP, and other older, more
> > domesticated protocols like IMAP and POP.
>
> +1
>
> > Regarding multi-protocol, perhaps the most effective thing that could
> > be done in the WebID community would be to create or patch
> > opensource/free software tools to be protocol agnostic, and which
> > would allow Web developers to implement 'login with openid or webid or
> > facebook or twitter or ...' rather than face each hurdle separately.
>
> +1
>
> > Updating the various wordpress, drupal, mediawiki etc etc openid
> > addons to handle WebID too would be a big boost.
>
> I think we can safely say that's about to happen in the near future ;)
>
> > But then so would having a not-for-geeks "login with your Web
> > identity" narrative that would subsume technology differences between
> > OpenID and WebID.
>
> agree!
>
> > (*) saying this, I'm painfully aware that I've not had time to put
> > much time into any of this lately, so maybe I shouldn't be cavalier in
> > making suggestions for how others assign their time.
>
> Who has? Although it feels like there are quite a few of us with 
> renewed focus to attack the big picture with real working code 
> spanning multiple projects and groups. It's going to be a fun / 
> interesting year.
>
> Best,
>
> Nathan
>


-- 

Regards,

Kingsley Idehen	
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Thursday, 28 April 2011 16:20:40 UTC