Re: Decentralized Web without Decentralized Authentication? from Tim Holborn on 2014-07-18 (public-webid@w3.org from July 2014)

From: Tim Holborn <timothy.holborn@gmail.com>
Date: Fri, 18 Jul 2014 19:35:13 +1000
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: "public-webid@w3.org" <public-webid@w3.org>
Message-Id: <DE08ADEB-FCB0-4613-AD32-45037195D82E@gmail.com>

On 18 Jul 2014, at 7:04 pm, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> On 2014-07-18 10:52, Tim Holborn wrote:
>> an interesting example.
>> 
>> see: https://www.respectnetwork.com/ and all the info http://info.respectnetwork.com/ - seems like it’s saying the right things, yeah? looks awesome from a non-specialist point of view.
> 
> IMO, a properly working, open and truly decentralized authentication solution wouldn't need a "help fund this button”.

+1 (almost).  I think it needs irc.freenode #webcredits (otherwise known as web credits) interacting with a system that tracks ‘approved contributions’, and a ‘bucket’, where ‘donations’ are made, and emptied into the former system..

perhaps a model might exist to change the way web-hosting is marketed.  Yet, equally they’d have to do it in such a way, that they know - the user can export their environment and move elsewhere should they be unhappy wigh the service provided to them.

When wrapped back to AUTH - yes, perhaps the host has an institutional mechanism (customer can ‘loose their keys’) but is for strict purpose (not mkt.), and otherwise - specific to the ‘institutional provider’ (move to different hosting provider - new keys issued perhaps…)

but it does start to get fuzzy.

> 
> Anders
> 
> 
>> 
>> Yet - when you sign-up on the homepage: https://www.respectnetwork.com/ - how’s the AUTH / UserID system actually work? Does anyone know?
>> 
>> On 18 Jul 2014, at 6:47 pm, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>> 
>>> The Decentralized Web requires Decentralized Authentication, right?
>>> 
>> +1
>>> WebID-TLS have the basics but fails UI-wise due to in its inability separating the
>>> certificates that actually are intended for usage with WebID-TLS. Most other
>>> authentication-schemes also operate on the application-level which has several
>>> implementation-advantages.
>>> 
>>> Does OpenID qualify?
>>> IMO, OpenID doesn't offer a reasonable user-experience unless the browser in some
>>> way lists the actual user's IdP-alternatives.  Is this maybe already implemented?
>>> If not, I would say that the fully decentralized web so far remains vapor-ware.
>>> 
>>> Is there another alternative?  Yes, using WebID-TLS certificates but architecting
>>> the solution like the FIDO/Google U2F scheme (JSON-based challenge-response).
>>> Or is Google the only party who can do things like that?
>>> 
>>> Cheers,
>>> Anders
>>> 
>> 
>

Received on Friday, 18 July 2014 09:38:27 UTC