Re: IndieAuth, was Re: W3C - Social Web Working Group from Timothy Holborn on 2014-07-21 (public-webid@w3.org from July 2014)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Tue, 22 Jul 2014 09:20:44 +1000
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Sandro Hawke <sandro@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-Id: <8C9925B4-8967-4933-8EFC-ACBA2722DE2B@gmail.com>

WebID = URI - v.simple. 

Then of course - WebID-TLS starts to include that uri into an AUTH solution. 

ATM - the "mind position" of WebID is arguably the certificate experience, and the uri moreover considered whether or not someone has a "foaf uri".

For WebID to have a "mind position" of "w3c identity & verification solutions" (to verify, one needs auth I imagine) then it needs to be shifted.

This should include the existing spec IMHO. 

Mind position = "what is the brand for cola?"

So...  Anders = WebPKI... ;)

> On 22 Jul 2014, at 4:09 am, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>> On 21 July 2014 19:32, Sandro Hawke <sandro@w3.org <mailto:sandro@w3.org> wrote:
> <snip>
>> 
>>    The point is that identity is separable, and so it has been separated.    Otherwise it would be too big a piece of work for one WG.
>> 
>>    Your oblique mention of Tantek reminds me, I don't know if this
> >     group has ever talked about the solution he's currently endorsing, IndieAuth:
>> 
>>        https://indieauth.com/
> 
> Nope, never heard about it before.
> 
>> 
>>    It's fascinatingly minimalist.
> 
> Indeed.
> 
> 
> IMO, a more developed version of WebID+PKI could be even better because it
> would be "phishfree", offering PKI-strength, not requiring any text input and
> enabling *user-provided* icons[1].

How might this WebID+PKI system work? 

How is it ENTIRELY decentralised? How can it be used in a centralised / decentralised manner (ie: you loose you keys - too bad / no problem).

I believe there is currently a service available? WebPKI I think it is? Where is the source? How do I install it on my system? (Or any 3rd party) 

Perhaps let me know if I'm wrong, but it assume controlling the auth server (inc. Sovereignty considerations) is an important variable? 

> 
> Such a solution is also independent on if people own domains or not.
> 
> Anders
> 
> [1] making it simple managing multiple IDs (if needed).
> 
>

Received on Monday, 21 July 2014 23:21:16 UTC