W3C home > Mailing lists > Public > public-xg-webid@w3.org > September 2011

Re: cross-origin webdav with TLS client certs (was Re: [unhosted] data.fm now accepts multiple authentication methods)

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 24 Sep 2011 12:28:23 +0200
Cc: Joe Presbrey <presbrey@gmail.com>, Read-Write-Web <public-rww@w3.org>
Message-Id: <9BF2574D-4242-4935-A69A-8D2A287CCB23@bblfish.net>
To: WebID XG <public-xg-webid@w3.org>
Just forwarding this to the WebID XG mailing list, as this should go under a report on UserInterface  design questions, and to rww as there is an issue of access control vocabulary.

On 24 Sep 2011, at 11:50, Michiel de Jong wrote:

> On Sat, Sep 24, 2011 at 11:19 AM, Henry Story <henry.story@bblfish.net> wrote:
>> - create a cloud on https://data.fm/
>> - go to https://michiel.data.fm/ 
>> - log in with WebId
> 
> I am having trouble logging in with my WebID ( http://bblfish.net/people/henry/card#me )
> 
> 
> are you trying to log in to michiel.data.fm or to (say) henry.data.fm? i mean, i think it's expected behaviour that only i can log in to my data.fm cloud.

Ah I see. Sorry :-) 

That is not very user friendly interface. Currently it just asks me for another certificate if I cannot log in.

It need not be so.  data.fm should distinguish between failed authentication and failed authorisation. When I log in with my WebID what failed is not authentication, but authorisation. So the server should say 

"Welcome Henry! You don't have authorisation to access this page. You need to be a friend of Michaels to view his content..."

Otherwise people are quite right to say that WebID has an ugly UI. But that is not TLSs fault at this point. It is completely possible to improve the server side implementation.

This needs to be written up on the WebID-XG so I'll repost it there.

Henry
Received on Saturday, 24 September 2011 10:29:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 24 September 2011 10:29:06 GMT