W3C home > Mailing lists > Public > public-xg-webid@w3.org > July 2011

Re: Browser ID

From: Danny Ayers <danny.ayers@gmail.com>
Date: Sat, 16 Jul 2011 14:10:28 +0200
Message-ID: <CAM=Pv=QDbNa+Q11H3EERok-k_C78QyqoAcwch82v+-p238h3yQ@mail.gmail.com>
To: Ben Adida <ben@adida.net>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, WebID XG <public-xg-webid@w3.org>
On 16 July 2011 04:16, Ben Adida <ben@adida.net> wrote:
> On 7/15/11 11:56 AM, Danny Ayers wrote:
>> Nice work Ben, but...
>
> Thanks Danny. It's a team effort, of course, I only joined Mozilla 3
> months ago.

:)

> Three things:
>
> (a) I'm a big fan of linked data, but when it comes to the simple act of
> logging into a web site, I'm worried about what it means to force users
> to have a profile reachable publicly. That seems inherently at odds with
> privacy.

Ok, I'd also prefer to avoid forcing the users to provide a profile
(whatever the access control), purely optional.

> (b) I don't think users think of themselves as URIs. OpenID basically
> proved this when they moved away from "people are URIs." Users do think
> of email addresses as handles for people.

Well yes, but assuming the UI is reasonably put together, the person
would only have to enter a URI once. There are plenty of sign-up/login
forms that have a field for homepage alongside email address.

> (c) every web site wants an email address from you so they can contact
> you. I need to guarantee that, when you log into a site with BrowserID,
> the site gets an email address.

Sure.

>> while using URIs (including mailto:) would strike me as the neatest
>> approach, would it hurt to add another field for a profile URI?
>
> To the JSON assertion? We have plans of eventually adding means for web
> sites to discover additional information about you, but I'm not sure
> they would go in that initial assertion.

Hmm...I need to read the docs and ponder this some more, but if the
user provides a profile/homepage URI at the same time as their email,
there would be at least one less client-server exchange needed, and my
gut feeling is that discovery would also depend on a fairly
centralized WebFinger kind of service.

>> Whatever, some kind of convergence/compatibility between BrowserID and
>> WebID seems very desirable.
>
> Maybe. I'm still not sure I see the advantage. More in my response to
> Nathan shortly.

Maybe's good :)

I dunno, it just seems like that if a HTTP URI is available from step
1, then pretty much *any* kind of extension to the system becomes
available. I must also say it looks a bit odd that a tool that is very
HTTP-oriented such as a browser would leave that part out...

Cheers,
Danny.



-- 
http://danny.ayers.name
Received on Saturday, 16 July 2011 12:11:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:25 UTC