- From: Brent Shambaugh <brent.shambaugh@gmail.com>
- Date: Sun, 5 Jun 2016 12:11:22 -0400
- To: carmen r <_@whats-your.name>
- Cc: public-rww <public-rww@w3.org>
- Message-ID: <CACvcBVpY+dA+5KkoSkq8-wejCKmdeFwXsHyarHXWH6C-goyVrA@mail.gmail.com>
I realized I did not post to the mailing list, so here it is:

On Fri, Jun 3, 2016 at 4:59 AM, carmen r <_@whats-your.name> wrote:

> > We need a human centric web. i see differentiators between that and our
> > service orientated heritage
>
> hi tim(h), sometime in past couple of years tim(bl) in an interview (maybe
> TIME.com) mentioned work yet to be done on social aspects of the web - with
> a brief mention of identity or certificates, also even more briefly noting
> the idea of family certificates.
> as you know, software-support of even the basic user-certificate feature is
> in-flux and incomplete in shipped web-browsers. https://www.w3.org/Webauthn/
> appeared, and there's https://fidoalliance.org
>
> _____
> membership of a group could be based on possession of a certificate
>
> group-certs could be exchanged in person with mobile-devices via NFC tapping
> or camera and QR-scanning, after both members initiate a key-exchange
> session using their cert-management UI. or cert is escrowed online in a
> group's private space, which you could download into browser as a member
>
> enhanced-security Solid daemons could store blobs only decryptable by
> key-holders, ACL check becomes pointless other than to avoid sending data
> that won't be decryptable
> _____
>
> unsure if you mean "service orientated" as in online service run by a
> single company as in to get "Group" features, everyone creates an account
> on a particular online site
>
> fancier next-of-kin, and power-of-attorney and delegated/proxy scenarios
> are the kind of thing that could potentially be enabled via shared group or
> family certificates. none of this is shipping now, instead major services
> are implementing things on an ad hoc basis:
>
> “They listened to all the pundits and drew up the documents. Then the bank
> says, ‘That’s very nice, but it’s not our form.’”
>
> http://www.nytimes.com/2016/05/10/health/finding-out-your-power-of-attorney-is-powerless.html
>
> Other situations may involve 'digital hostage' styled use-cases
>
> keeping in mind the classic https://xkcd.com/538/ when thinking about keys
> is good

Perhaps checking out the https://www.w3.org/community/credentials/ or even the https://www.w3.org/Payments/IG/ would be appropriate? Digital Bazaar just rolled out Flex Ledger (https://lists.w3.org/Archives/Public/public-webpayments/2016Jun/0001.html). They are definitely interested in looking more into crypto, with the web-payments side pulling most of this weight IIRC. Some recent Timbl related stuff is here (https://github.com/solid/). Follow the interplay between people involved with solid through WebID and authentication and authorization for webpayments. Some people are skeptical about the blockchain in W3C standardization activities. I am not sure why though.

> a consensus system involving group-members could robustify against this
> attack, you can hold a wrench and point a gun at one person, but can you
> round up enough like-minded evil to do this to >50% of the group-members
> which would be required to do X where X is something like transfer
> ownership, add new members to group etc

Received on Sunday, 5 June 2016 16:11:50 UTC
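
The majority rule sketched in the quoted message (more than 50% of group members must approve an action such as adding a member or transferring ownership), as an added example that is not part of the original thread. HMAC with constructed per-member keys stands in for certificate signatures; the member names, keys and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample group: member id -> secret key. HMAC stands in for the
# per-member certificate signatures the thread imagines (an assumption).
MEMBER_KEYS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
    "dave": b"constructed-key-dave",
}


def canonical(action):
    """Serialize the action deterministically so every member signs the same bytes."""
    return json.dumps(action, sort_keys=True, separators=(",", ":")).encode()


def approve(member, action, keys=MEMBER_KEYS):
    """One member's approval: a MAC over the exact action being requested."""
    return hmac.new(keys[member], canonical(action), hashlib.sha256).hexdigest()


def authorized(action, approvals, keys=MEMBER_KEYS):
    """True only if strictly more than 50% of group members validly approved.

    approvals maps member id -> hex MAC. Unknown members and bad MACs are
    ignored; keying by member id means nobody can be counted twice.
    """
    valid = set()
    for member, tag in approvals.items():
        key = keys.get(member)
        if key is None:
            continue  # not a group member
        expected = hmac.new(key, canonical(action), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(member)
    return 2 * len(valid) > len(keys)
```

Because each approval is bound to the serialized action, approvals collected for one operation cannot be replayed to authorize a different one, and a single coerced key holder never reaches the threshold alone.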