On 22 October 2012 14:32, Harry Halpin <hhalpin@w3.org> wrote:
> On 10/22/2012 02:03 PM, Kingsley Idehen wrote:
>
>> On 10/22/12 7:26 AM, Ben Laurie wrote:
>>
>>> On 22 October 2012 11:59, Kingsley Idehen <kidehen@openlinksw.com>
>>> wrote:
>>>
>>>> On 10/22/12 5:54 AM, Ben Laurie wrote:
>>>>
>>>>> Where we came in was me pointing out that if you disconnect your
>>>>> identities by using multiple WebIDs, then you have a UI problem, and
>>>>> since then the aim seems to have been to persuade us that multiple
>>>>> WebIDs are not needed.
>>>>>
>>>> Multiple WebIDs (or any other cryptographically verifiable identifier)
>>>> are a
>>>> must.
>>>>
>>>> The issue of UI is inherently subjective. It can't be used to
>>>> objectively
>>>> validate or invalidate Web-scale verifiable identifier systems such as
>>>> WebID or any other mechanism aimed at achieving the same goals.
>>>>
>>> Ultimately what matters is: do users use it correctly? This can be
>>> tested :-)
>>>
>>> Note that it is necessary to test the cases where the website is evil,
>>> too - something that's often conveniently missed out of user testing.
>>> For example, its pretty obvious that OpenID fails horribly in this
>>> case, so it tends not to get tested.
>>>
>>
>> Okay.
>>
>>>
>>> Anyway, Henry, I, and a few others from the WebID IG (hopefully) are
>>>> going
>>>> to knock up some demonstrations to show how this perceived UI/UX
>>>> inconvenience can be addressed.
>>>>
>>> Cool.
>>>
>>
>> Okay, ball is in our court to now present a few implementations that
>> address the UI/UX concerns.
>>
>> Quite relieved to have finally reached this point :-)
>>
>
> No, its not a UI/UX concern, although the UI experience of both identity
> on the Web and with WebID in particular is quite terrible, I agree.
>
Harry, what exactly do you mean by "on the web"?
The reference point I take for this phrase is from the "Axioms of Web
Architecture" :
http://www.w3.org/DesignIssues/Axioms.html#uri
'An information object is "on the web" if it has a URI.'
If I have understood your previous posts correctly you perhaps have a
different definition or referring to something specific. Sorry if im a bit
confused things, It's not that clear hat you mean by the phrase.
> My earlier concern was an information flow concern that causes the issue
> with linkability, which WebID shares to a large extent with other
> server-side information-flow. As stated earlier, as long as you trust the
> browser, BrowserID does ameliorate this. There is also this rather odd
> conflation of "linkability" of URIs with hypertext and URI-enabled Semantic
> Web data" and linkability as a privacy concern.
>
> I do think many people agree stronger cryptographic credentials for
> authentication are a good thing, and BrowserID is based on this and OpenID
> Connect has (albeit not often used) options in this space. I would again,
> please suggest that the WebID community take on board comments in a polite
> manner and not cc mailing lists.
>
Feedback is valuable and appreciated. Certainly the comments made are
taken on board.
With standards such as identity there's always an overlap between different
efforts. I cant speak for others in the community, but I personally agree
that care should be taken to post the right topics to the right list.