- From: Ben Laurie <benl@google.com>
- Date: Wed, 26 Sep 2012 16:54:42 +0100
- To: Henry Story <henry.story@bblfish.net>
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-webid <public-webid@w3.org>
On 26 September 2012 14:24, Henry Story <henry.story@bblfish.net> wrote: > Here is how that would look if we were to imagine a user (me) using Google+. > > One day I go to google plus on my desktop browser and Google Plus entices me to > "Use WebID and login securely across the web" > I click on that banner, and pronto, a certificate is created and transferred to > my browser. (ok perhaps you add an intermediate page with helpful explanations > and cool demos) > > Next I am walking down the street with my Android. Google+ is clever enough to notice that my android does not have a certificate - it does a TLS request for a client certificate, but receives none - and so asks me > "Hi Henry, get a WebID certificate for your phone too" > I click the banner and oops I have a certificate in Android. > > Once I have a certificate for a device, I can log into any web site that supports WebID in one click. I can also determine for any site how much information I wish to give that site about me - using access control on information at my profile. Someting we need to work on still. You seem to have missed out a step - how do these web sites know about my new WebID? Also, if I've been using WebID to log into google for some time, and my Android phone is new, how do I get logged into G+ in order for Google to notice that I do not have a cert?
Received on Wednesday, 26 September 2012 15:55:10 UTC