Re: Credential Handler API Polyfill (video demo)

i keep hearing the name of the singer in vegas, and it sounds like jsonld.
 A prayer for those in the US. I hope your families are all ok and for
those affected, that they are provided the support they need.

On Tue, 3 Oct 2017 at 02:03 Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 10/02/2017 10:46 AM, Timothy Holborn wrote:
> > I think the UX is much better than TLS Certs already - congrats!
>
> Thanks! Though we are definitely looking for suggestions (or PRs) -- we
> want to continue to improve it over time.
>
> >
> > Big Milestone...
> >
> > Have you thought about a Browser Extension mock-up?
> >
> > Perhaps on mobile; an app?
>
> Yeah, but requiring one would be a significant barrier to adoption. That
> doesn't mean that someone couldn't create one to enhance the experience,
> but we need a Web-only baseline solution.
>

I think Baseline solution is of course MVP.  Yet, if we use ChromeCast as
an example; their interface framework (extension / app) - if a reference
example were defined; perhaps so long as the license required compliance
with the 'baseline solution' you might find a bunch of new implementers...

I'm particularly interested in building 'stuff' that plugs into WordPress.


>
> >
> > FWIW: I still like WebID-TLS however IMHO (whether or not FOAF is used)
> > i think the CERT should denote the device (ie: My Family TV, My Friends
> > TV, My Phone, etc.) rather than agent:person.  Yet this view has other
> > implementation related implications that are not necessarily used for
> > every application of creds. (perhaps also, my thinking is now out of
> > date for one reason or another...)
>
> Yeah, there are a number of issues with the WebID-TLS approach. Note
> that the "hint" displayed in the chrome-esque dialog box can include any
> text -- the text is entirely up to the credential repository and the user.
>

just to ensure i'm kinda clear.

The desktop experience for TLS kinda sux.  also desktops often have
multiple users within a single user-account (on the desktop system).  TVs
(ie: HbbTV Spec) supports TLS Certs; and can therefore provide a
user-configurable means to provide privacy enhancing services that support
personal data-storage (ie: RWW Styled); yet again, only one 'account' on a
TV - with a plurality of users.

The view is not to replace credentials; but rather - the credentials
frameworks (inc. rdf related considerations embodied therein) were IMHO
designed to add alot of value to pre-existing WebID-TLS work. The Cert
(with SubjectAltName URI) is useful to link a device (or device account)
with a external (LDP) server.  Yet, i felt the method didn't effectively
support an array of functionality around defining 'persona' that was
otherwise viably possible via creds.

Therein theory; was that a means may be to use both. I made
http://mediaprophet.org/ux_KB/ a long time ago.
http://mediaprophet.org/ux_KB/page4115294.html#0 is example of WebID-TLS
Cert management (for a RWW account) and
http://mediaprophet.org/ux_KB/page4115292.html#0 was a very early
constituent of my working-up the 'persona modelling' (that's since
developed significantly.

http://webcivics.org/dev/  is a more recent example (now, i think maybe
about 2 years old?) where 2 factor denoted WebID-TLS use; and i'm pleased
https://github.com/solid/webid-oidc-spec is now available.

The constructs around the use of http-signatures as they pertain to
'identity constructs' or 'persona constructs' are in-turn; the subject of a
newer document i'm authoring at present, and this will in-turn lead me to
doing a more recent review to get back in-sync.  I'm trying to keep the
'philosophy' out of W3C (whilst doing some work to find a means in which it
may develop, and add-value to W3C works) ;)



> >
> > Tim.H.
>

more soon...

Tim.H.


> >
> > On Tue, 3 Oct 2017 at 01:39 Dave Longley <dlongley@digitalbazaar.com
> > <mailto:dlongley@digitalbazaar.com>> wrote:
> >
> >     On 10/01/2017 06:07 AM, Roman Evstifeev wrote:
> >      > Hm...at the step of storing a passport narrator says that you
> >     should be
> >      > redirected to the credential handler website. The page really
> >     looks like
> >      > handler website (blue page header), but the url really does not
> >     change -
> >      > it still remains the issuer address... This is confusing. Is this
> >     just a
> >      > demo being incomplete yet? Or am I not getting how the process
> should
> >      > look like?
> >
> >     What you're seeing there is a "contextual window" which is a new
> concept
> >     where it's unclear how browsers will implement. They may end up just
> >     opening a new tab but it breaks the user out of the flow. Note that
> >     there really isn't a "redirection" in the sense that the browsing
> >     context *navigates* to another page. The existing page that launched
> the
> >     request must not lose its state.
> >
> >     The polyfill implements this "contextual window" by using an iframe
> that
> >     includes a UI message about what's going on above the iframe -- but
> it
> >     is true that it's not explicit which site you're on and I agree
> that's
> >     an issue. We're ahead of the browser implementations in this space so
> >     the demo is just trying to guess at what the experience will be in a
> >     browser or what the "best" experience *could* be.
> >
> >     We're interested in feedback like this -- and suggestions for
> addressing
> >     it. Do you think that the user should be taken to an entirely new
> tab at
> >     this point (understanding the drawback where the user may "lose"
> their
> >     place if they click on other tabs) -- or should we just try to better
> >     visually include the origin of the wallet/repository site somehow?
> There
> >     is also limited real estate on mobile. We do expect that this will be
> >     easier for browsers since they have control over the chrome.
> >
> >
> >      >
> >      > On 26 September 2017 at 06:19, Manu Sporny
> >     <msporny@digitalbazaar.com <mailto:msporny@digitalbazaar.com>
> >      > <mailto:msporny@digitalbazaar.com
> >     <mailto:msporny@digitalbazaar.com>>> wrote:
> >      >
> >      >     Hey Credentials CG (bcc: VCWG),
> >      >
> >      >     I think you'll really like this. The engineering team at
> >     Digital Bazaar
> >      >     has been hard at work creating a production grade polyfill
> >     for both the
> >      >     Credential Handler API in Chrome, Safari, Edge, and Firefox.
> >     We're doing
> >      >     this to accelerate uptake of Verifiable Claims and
> Decentralized
> >      >     Identifiers. We're announcing a beta release to developers
> today.
> >      >
> >      >     An introductory video giving some background as well as
> >     recordings
> >      >     showing it working in all major browsers can be found here
> >     (~6 minutes
> >      >     runtime):
> >      >
> >      > https://youtu.be/qdbDu1oV0PI
> >      >
> >      >     What does this mean for the Credentials CG work?
> >      >
> >      >     * When the polyfill hits production, we expect that ~90% of
> >     all browsers
> >      >        (roughly 2.8 billion people) will immediately get support
> >     for the
> >      >        Credential Handler APIs across desktop and mobile browsers.
> >      >
> >      >     * Web developers won't need to wait for browsers to implement
> >     the latest
> >      >        Credential Handler API in order to deploy to their
> customers.
> >      >     Instead,
> >      >        the polyfill will provide missing browser features until
> >     the browsers
> >      >        support them.
> >      >
> >      >     * This will enable us to more rapidly test and deploy new
> >      >        verifiable claims features, greatly reducing the cost of
> >      >     innovation in
> >      >        the group, and enabling more people to participate in the
> >     design and
> >      >        development process.
> >      >
> >      >     * This approach is not only compatible with DID-based
> >     authentication,
> >      >        but empowered by it. You can see it how easy DID-based
> >     login is
> >      >     in the
> >      >        demo video.
> >      >
> >      >     * Since this approach is almost identical to the Web Payments
> >     API, which
> >      >        all browser vendors are implementing, there is a high
> >     likelihood that
> >      >        this API will be technically acceptable to the browser
> >     vendors as
> >      >        well. We're going to start that conversation with them in
> >     the coming
> >      >        weeks.
> >      >
> >      >     What is next?
> >      >
> >      >     * We'll submit a paper on this to Rebooting Web of Trust for
> >      >        discussion.
> >      >
> >      >     * We'll continue to harden the polyfill for production usage.
> >      >
> >      >     * We'll pick an open license that works for all orgs and
> >     implementers.
> >      >
> >      >     * We still need to implement some simple things, like better
> >      >        animations/transitions when selecting
> >     identities/credentials. Some
> >      >        CSS still needs to be fixed.
> >      >
> >      >     -- manu
> >      >
> >      >     --
> >      >     Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu
> >     Sporny)
> >      >     Founder/CEO - Digital Bazaar, Inc.
> >      >     blog: Rebalancing How the Web is Built
> >      > http://manu.sporny.org/2016/rebalancing/
> >      >     <http://manu.sporny.org/2016/rebalancing/>
> >      >
> >      >
> >
> >
> >     --
> >     Dave Longley
> >     CTO
> >     Digital Bazaar, Inc.
> >     http://digitalbazaar.com
> >
>
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>

Received on Monday, 2 October 2017 15:30:31 UTC