Re: future of Identity on the Web from Henry Story on 2011-10-26 (public-identity@w3.org from October 2011)

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 26 Oct 2011 10:12:34 +0200
To: Ben Adida <ben@adida.net>
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Halpin Harry <hhalpin@w3.org>, Dan Brickley <danbri@danbri.org>, public-identity@w3.org, Tim Berners-Lee <timbl@w3.org>, WebID Incubator Group WG <public-xg-webid@w3.org>
Message-Id: <3A0F1074-324E-4FAC-B873-4FED1F9527CD@bblfish.net>

On 26 Oct 2011, at 08:06, Ben Adida wrote:

> On 10/25/11 10:58 PM, Hannes Tschofenig wrote:
>> This scope of the group is not about standardizing BrowserID as a
>> solution to begin with.
> 
> Hmmm, as I understand it, the scope does include standardizing JS APIs along the lines of what BrowserID has proposed.

yes, of course it would be an enabler for BrowserId, as well as for many other projects.

Similarly, BrowserId needs to standardise a way to get the public key of the BrowserId certificate issuers, related to the e-mail provider in such a way that authentication of the certificate is authentication of the e-mail. A standard on that would enable BrowserId and WebID simultaneously. For WebID it shows how ISSUE-2: "Explore the role of Issuer Alternative Names in WebIDs" can help solve ISSUE-3: "ISSUE-3: Explore Large scale TLS WebID installation issues" [1].  Could we work together on this?

Good solutions are useful beyond their intended origin. Many of these standards if well organised can be complimentary to each other.

But that does not mean we should all work on a mega project where we fuse all the details of each technology. I am happy that your team is doing BrowserId, and that I don't have to do that too. I am not interested in a "open-ended discussion about identity-in-the-browser" either, which is why we have narrowed in the WebID working group on what used to be known as foaf+ssl. Some people wanted us to have a generic project to see how we could link all identity solutions together. 
  ( I think that will end up being useful too in fact, but as a work on a logic of trust and of claims. Because we will end up having wether we want it or not, a number of different ways to authenticate people. But it is not the first thing one can start off with anyway. )

> If not, please do let me know, as that will call into question my participation. I'm not interested in yet another open-ended discussion about identity-in-the-browser.

I agree. But also it's perhaps not a bad thing if we find a spot, such as this mailing list, where we can help find compatibilities between solutions, and where we can clarify misunderstandings we have of each other.

> If W3C prefers that Mozilla go it alone for a while longer, I'm happy to bring that back to our team and consider a more go-it-alone approach for now (though of course we will continue to do everything in the open.)
> 
> -Ben

[1] http://www.w3.org/2005/Incubator/webid/track/issues/2
http://www.w3.org/2005/Incubator/webid/track/issues/3

Social Web Architect
http://bblfish.net/

Received on Wednesday, 26 October 2011 08:13:13 UTC