- From: Henry Story <henry.story@bblfish.net>
- Date: Fri, 5 Oct 2012 21:42:02 +0200
- To: "public-webid@w3.org" <public-webid@w3.org>, Ben Laurie <benl@google.com>
- Message-Id: <B8D6C791-58EE-428F-AB55-FF609BD39438@bblfish.net>
On 27 Sep 2012, at 13:11, Henry Story <henry.story@bblfish.net> wrote: > While it is still fresh in my head let me write down a few things that came out of the conversation with Ben that we can improve in our spec: > > 1. Improve the spec to show how a WebID can be associated with a number of public keys. > 2. Add a wiki page detailing the Making the public key: > - we should have a wiki page that goes into detail in the process of key creation as shown in the video shown on > http://webid.info/ > so we can point people to it. This is not obvious > 3. Having a password for your profile page is no sin. > We should perhaps emphasize that somewhere: the profile page you have may be the one place > you can still use a password. I know that foaf.me and my-profile had wanted to only use certificates, and that doing this though conceptually cool, makes starting things up more difficult. Other toosl can be used such as one time passwords, or OATH ( OATH not OAUTH! ), but the benefits of WebID comes from logging into OTHER sites that support it, removing the NASCAR problems. > 4. Explain TLS renegotiation more: this is what allows one to create TLS sites that don't ask you for a certificate before you even reach the page. > 5. Link clearly to the improvements in browsers that can be done. > > All of these should be easily available from the home page of the community group and from webid.info > > Those some points I can remember, that we could improve. We also need to do the security considernations section and though this is not a final standard it is probably going to be useful to use the vocabulary from here http://tools.ietf.org/html/draft-iab-privacy-considerations-03 https://tools.ietf.org/html/draft-hansen-privacy-terminology-03 A good place to start would be to look at Harry Halpin's condensed FUD. http://lists.w3.org/Archives/Public/public-identity/2012Oct/0036.html Henry > > Henry > > Social Web Architect > http://bblfish.net/ > Social Web Architect http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Friday, 5 October 2012 19:42:34 UTC