On Wed, Aug 7, 2013 at 7:34 PM, Nick Jennings <nick@silverbucket.net> wrote:
> Hi Kingsley,
>
> Thanks for the links. Trying out the first link (
> http://youid.openlinksw.com/) now, some notes:
> 2. With firefox, after filling out the form, I get a download dialogue for
> the cert instead of it installing into the browser. So I saved, then went
> into preferences and "import" ... which was successful with "Successfully
> restored your security certificate(s) and private key(s)". Previously, with
> my-profile.eu, this was automatically installed into the browser (I was
> using Chrome then). Though I guess it's better to have it export/save by
> default so you can install the same cert on any number of browsers without
> hassle. Still, it creates more steps and could be confusing for new users.
>
Downloading the cert means that it was generated on the server side, thus
the server has knowledge of your private key -> BAD. Using the HTML5
<KEYGEN> element is always preferred in this case, which is currently the
case for my-profile.eu and rww.io.
> 3. After importing the cert, when I go to rww.io, it asks me to select a
> cert (which I do) but then when I view silverbucket.rww.io it still says
> in the upper right "webid login"... I can't tell if I registered this spot
> and it's working, or not. There's no real user feedback as to login state.
> Same with taskify.org. I don't know if this is a site UI problem or a
> cert issue.
>
The only visual feedback you get on rww.io is that the WebID Login link
will be replaced with your name and picture in the top right corner. If you
click the login link and nothing changes, it means that the authentication
failed. However, rww.io uses dns as a default alternative authentication
method if you can't provide a WebID.
Andrei