Group Certificates and their utility or uselessness from carmen r on 2016-06-03 (public-rww@w3.org from June 2016)

From: carmen r <_@whats-your.name>
Date: Fri, 3 Jun 2016 08:59:56 +0000
To: public-rww@w3.org
Message-ID: <20160603085956.GA26115@z>

> We need a human centric web. i see differentiators between that and our service orientated heritage

hi tim(h), sometime in past couple of years tim(bl) in an interview (maybe TIME.com) mentioned work
yet to be done on social aspects of the web - with a brief mention of identity or certificates,
also even more briefly noting the idea of family certificates.
as you know, software-support of even the basic user-certificate feature is in-flux and incomplete in
shipped web-browsers. https://www.w3.org/Webauthn/ appeared, and there's https://fidoalliance.org

_____
membership of a group could be based on possession of a certificate

group-certs could be exchanged in person with mobile-devices via NFC tapping or camera and QR-scanning,
after both members initiate a key-exchange session using their cert-management UI. or cert is escrowed
online in a group's private space, which you could download into browser as a member

enhanced-security Solid daemons could store blobs only decryptable by key-holders, ACL check becomes
pointless other than to avoid sending data that won't be decryptable
_____

unsure if you mean "service orientated" as in online service run by a single company
as in to get "Group" features, everyone creates an account on a particular online site

fancier next-of-kin, and power-of-attorney and delegated/proxy scenarios are the kind of thing that
could potentially be enabled via shared group or family certificates. none of this is shipping now,
instead major services are implementing things on an adhoc basis:

“They listened to all the pundits and drew up the documents. Then the bank says, ‘That’s very nice, but it’s not our form.’”

http://www.nytimes.com/2016/05/10/health/finding-out-your-power-of-attorney-is-powerless.html

> Other situations may involve 'digital hostage' styled use-cases

keeping in mind the classic https://xkcd.com/538/ when thinking about keys is good

a concensus system involving group-members could robustify against this attack,
you can hold a wrench and point a gun at one person, but can you round up enough
like-minded evil to do this to >50% of the group-members which would be required to
do X where X is something like transfer ownership, add new members to group etc

Received on Friday, 3 June 2016 09:00:21 UTC