W3C home > Mailing lists > Public > public-xg-webid@w3.org > July 2011

Re: Browser ID, WebID & URLs

From: Ben Adida <ben@adida.net>
Date: Mon, 18 Jul 2011 19:22:13 -0700
Message-ID: <4E24EA55.9080900@adida.net>
To: Henry Story <henry.story@bblfish.net>
CC: Tom Scavo <trscavo@gmail.com>, dev-identity@lists.mozilla.org, WebID XG <public-xg-webid@w3.org>
On 7/17/11 8:49 PM, Henry Story wrote:
> 
>> Yes, and an interesting experiment it is, too.
> 
> agree.

I'm glad you think so. We think it's important to keep it simple to see
where it goes.

And though I'm pessimistic about WebID, I'm glad you're experimenting
with it. I will gladly eat my words if you succeed.

> A lot of people don't want to get into spam registries. The privacy
> advantage of http URLs is that you can't send e-mails using them. So
> one could argue that http URLs are more privacy enhancing :-)

It's easy to create an email alias that goes to bitbucket, if we find
that that's an important use case. I doubt it, though.

I don't think we're going to agree on the privacy properties of HTTP
URLs that reveal information to anyone who asks, and that effectively
become logs of all login activity.

> A question on short keys - this is probably something I have not fully understood.
> But if the keys are short lived, don't you have to go back to your e-mail provider
> constantly to create new keys?

Indeed. But we are working on the protocol that will let a provider that
has already certified you re-certify you quietly. So when you log back
into your email provider, your cert is renewed automatically, in the
background.

> If so is that not a Usability nuisance?

I'm pretty sure we can make it fully transparent and yet fully
user-consented. But we've got some work left to do to get there.

-Ben
Received on Tuesday, 19 July 2011 02:22:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:25 UTC