- From: Charles Pritchard <chuck@jumis.com>
- Date: Wed, 9 May 2012 21:26:08 -0700
- To: Doug Schepers <schepers@w3.org>
- Cc: "SULLIVAN, BRYAN L" <bs3131@att.com>, Magnus Olsson <magnus.olsson@ericsson.com>, "public-web-intents@w3.org" <public-web-intents@w3.org>, Harry Halpin <hhalpin@w3.org>
There's handshake and autofill. Yubico makes a fun product which does autofill. When you verify with their servers it becomes a handshake.

Autofill says: this is my email/user/pass.
Handshake says server X confirms that token Y is valid.

On May 9, 2012, at 9:03 PM, Doug Schepers <schepers@w3.org> wrote:

> Hi, folks-
>
> Actually, thinking further on it, logging in is only one of the problems that identifying a person solves. I like the idea of a 'GetCredentials' intent (or something simpler), specifically, because it also addresses zero-knowledge proof scenarios, or cases where you want to authorize (verify that the user is permitted to do what they are trying to do) without uniquely identifying them.
>
> As far as the specific mechanism or protocol, I agree with Bryan that I'd rather that Web Intents were not a kingmaker here... any scheme that is able to work with the constraints should be an option, not just OAuth (though I admit I don't know which schemes are possible).
>
> Regards-
> -Doug
>
> On 5/9/12 7:13 PM, SULLIVAN, BRYAN L wrote:
>> I think at this point the idea is just one of the "solve the nascar problem" type opportunities. I don't know how it will work, but I am watching these threads and we will be trying out ideas as we go, and the demos available.
>>
>> I think one option is for the website to be able to reference its preferred intent providers, if this is possible through the same general idea as the intent registration markup (i.e. the preference is disclosed through some markup).
>>
>> Thanks,
>> Bryan Sullivan
>>
>> -----Original Message-----
>> From: Magnus Olsson [mailto:magnus.olsson@ericsson.com]
>> Sent: Tuesday, May 08, 2012 6:59 AM
>> To: SULLIVAN, BRYAN L; Doug Schepers; public-web-intents@w3.org; Harry Halpin
>> Subject: RE: New 'Login' Intent?
>>
>> But how is this related to the HTTP code 401, authorization required?
>>
>> Or is the "intention" to ask for a sort of single sign on gateway to carry out the actual login? (assume the using part implies selection of alternative means, what intent is all about of course).
>>
>> Still, an application server is the one to "invite" (or bluntly require) a user to log in, in order to navigate further into a service. In that case there has to be a "preference" (accepted methods) from the server side that the "LoginUsing" intent can respond/relate to?
>>
>> Br Magnus
>>
>> -----Original Message-----
>> From: SULLIVAN, BRYAN L [mailto:bs3131@att.com]
>> Sent: den 7 maj 2012 18:53
>> To: Doug Schepers; public-web-intents@w3.org; Harry Halpin
>> Subject: RE: New 'Login' Intent?
>>
>> I think this is a great idea for an Intent. We should start building out the wiki (http://www.w3.org/wiki/WebIntents) with such ideas (under "Documentation for Web Intents Actions and Types"?).
>>
>> I suggest the Intent name be "LoginUsing".
>>
>> Thanks,
>> Bryan Sullivan
>>
>> -----Original Message-----
>> From: Doug Schepers [mailto:schepers@w3.org]
>> Sent: Sunday, May 06, 2012 2:54 PM
>> To: public-web-intents@w3.org; Harry Halpin
>> Subject: New 'Login' Intent?
>>
>> Hi, folks-
>>
>> Forgive me if this has been discussed before.
>>
>> The default intents that I know about are 'Discover', 'Share', 'Edit', 'View', 'Pick', 'Subscribe', and 'Save'.
>>
>> One of the great things about Web Intents is the ability to address the NASCAR Problem... and one of the worst offenders of that problem is the identity issue, which is made worse by the fact that it's still not really a solved problem, so there are likely to be more iterations of solutions like OpenID Connect (Google, Microsoft, etc.), BrowserID, Twitter, Facebook Connect, etc.
>>
>> I propose that we have another intent, 'Login' (I don't care about the name... it could be 'SignOn', 'SignIn', 'SelectIdentity', or whatever). This would let users select from their choice of Identity Providers (IDPs), or to create or use a bespoke account for that specific site.
>>
>> A corollary to this would be 'Comment' or 'Discuss', which is often hosted by third-party services like Disqus.
>>
>> Regards-
>> -Doug Schepers
>> W3C Developer Relations
>> Project Coordinator, SVG, WebApps, Touch Events, and Audio WGs

Received on Thursday, 10 May 2012 04:26:42 UTC