- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Wed, 17 Jun 2015 15:09:50 +0000
- To: Joerg.Heuer@telekom.de, Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Eric Korb <eric.korb@accreditrust.com>, W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAM1Sok1a4Qifzm+a7gy_ZpK-+588VffHu2kvzbiYhfLMaC9sJg@mail.gmail.com>
"It's really important not to impose personal preferences onto others, here. " This is the credentials CG, did you think this was the WebID CG? I don't understand... On Thu, 18 Jun 2015 at 1:05 am, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > On 17 June 2015 at 16:57, <Joerg.Heuer@telekom.de> wrote: > >> +1 to definitely not aim at storing credentials in the browser. I’d like >> to use different browsers on different platforms – and have them synced if >> I may… >> > > That's a design decision and people will have different preferences. It's > really important not to impose personal preferences onto others, here. > Mozilla tried to do this and that's one reason Persona failed to become a > standard. > > Estonia solve this quite neatly with the e citizen program by using a card > reader. The browsers have the ability to store credentials externally, > which is a nice feature. > > It seems to have worked very well. Once finland operate this, both > belgium and holland have digital id schemes in the world. I think > estonia/finland is the most advanced. There will be mounting pressure IMHO > on denmark, norway, sweden and then germany to innovate: > > https://www.youtube.com/watch?v=L4J5yeyGu1A > > It's been a huge win for Estonia to date > > Adding the online national census capability cost only the census > software, less than €10K, because the infrastructure was already in place > > compare the US: The 2010 census cost $13 billion, approximately $42 per > capita > > >> >> >> *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com] >> *Sent:* Mittwoch, 17. Juni 2015 16:52 >> *To:* Eric Korb; Melvin Carvalho >> *Cc:* Credentials Community Group >> *Subject:* Re: WHY USING FACEBOOK, GOOGLE, AND TWITTER TO LOG INTO APPS >> IS A PROBLEM >> >> >> >> (Can't respond inline on Google inbox, as far as I can tell...) >> Re: credentials in the browser. >> So, >> How do you reset your tls cert? Say, for nanna... >> Are you suggesting you think credentials are unnecessary? >> What's the difference between trusting a data space service with your >> data vs. your credential access support. >> Do you think it's global or go home; or, >> Should every legal entity (and/or bot/agent) be able to "mint" a >> "credential", and what happens if your computer is stolen, or fails, or >> someone else is using your account on your computer. >> How does it support isolation of roles/persona. >> Communities at all levels share and disagree on an array of values. From >> images relating to local laws on nudity or gun licensing, to the cost of >> education. >> Who says one ring should rule them all... >> >> >> >> On Thu, 18 Jun 2015 at 12:17 am, Melvin Carvalho < >> melvincarvalho@gmail.com> wrote: >> >> On 17 June 2015 at 14:23, Eric Korb <eric.korb@accreditrust.com> wrote: >> >> Interesting article. >> >> >> >> >> http://www.fastcompany.com/3044280/one-more-thing/the-ghosts-of-app-permissions-past >> >> >> >> Yep, it used to be even worse. They used to phish your password: >> >> http://microformats.org/wiki/social-network-anti-patterns >> >> Mozilla persona still does this. >> >> I prefer to keep credentials in the browser. This can be done today with >> X.509 or the web crypto API. >> >> >> >> >> >> ---------------------------------- >> >> Eric Korb, President/CEO - accreditrust.com >> <https://www.accreditrust.com> >> >>
Received on Wednesday, 17 June 2015 15:10:30 UTC