W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Releasing RWW.IO

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sat, 3 May 2014 19:46:28 +1000
Message-ID: <CAM1Sok3okiZyoQk7x4BW5Y2_qqktPe=+bA6YE+fj21+ioDf6Fg@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Henry Story <henry.story@bblfish.net>, Andrei Sambra <andrei.sambra@gmail.com>, public-webid <public-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>
Forgot to include list...

I Like WebID because it can connext a secure cloud-storage / cloud-account
/ systems environment to specified machine.

I think its that simple.

Generally, people have been building proof of concept work. That's slowely
becoming developed,  but its free software and in most environment people
don't get the need to make a new platform, like Linux but different,  and
how the fact that these underlying elements being free, can resuly in
data-portability for users, no golden handcuffs, natural legal entity
centric in ways that since flash connected to a database is not done almost
anywhere in this internet protocol enabled society,  and economic platform
that we call an "evolution".

In summary - I like webid. I may have different concepts as to its
implementation,  but it is, imho, an important part of broader solution...

And given its simplicity,  its not difficult to iron-out the
user-experience bugs. However, rww is just starting to get going and the
two functional technologies, imho,  relate.
 On 03/05/2014 6:56 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com>

> On 2014-05-03 10:24, Tim Holborn wrote:
> > WebID TLS certs may need browser support in future, but, i’m betting if
> the method works, it’ll likely get that browser support (one way or
> another).
> >
> > It does not provide an entire solution however, it is simply a
> constituent of a solution IMHO.
> If this project had started a year ago I would agree but it did actually
> started 5-6 years ago:
> http://www.w3.org/2008/09/msnws/papers/foaf+ssl.html
> The actual problem is that the W3C and the WebID folks didn't consider the
> fact that
> X.509-based client authentication already was widely established for
> things like e-government services
> and on-line banking but that these schemes practically without exception
> rely on proprietary
> browser plugins to get away from the limitations of TLS CCA.
> When I suggested doing something about this I immediately became a
> "Persona Non Grata".
> When Google did the same (through U2F) they became the undisputed king on
> consumer authentication.
> Yes, the world is indeed rather "sheepish" but Google is a fairly good
> shepherd.
> The previous king always claimed that the Internet ends at the AD (Active
> Directory) border.
> When they finally realized it did not, they had no option but joining the
> U2F bandwagon.
> >
> > If you’d done enough testing, you’d have too many WebID Certificates.
> Right-up until the point, where you set-up your own cert; manage it
> effectively, which in-turn means you only need one Cert…
> It doesn't work like that, the problem is fully universal and not limited
> to WebID.
> Anders
> definitely a very bad guy
> >
> > I’ve still not sorted that out yet.
> >
> > i think perhaps a back-up (or export) button on RWW.io might be a good
> idea, somewhere in the todo list.
> >
> > timh.
> >
> > On 3 May 2014, at 6:08 pm, Anders Rundgren <
> anders.rundgren.net@gmail.com> wrote:
> >
> >> Now I have tried it out as well including the micro-blogging.
> >> It was cool with one exception, TLS CCA (Client Certificate
> Authentication)
> >>
> >> Logging in to http://cimba.co required me to select certificate twice
> and
> >> from a pretty long list of non-WebID certificates.
> >>
> >> Unless W3C gets their act together and creates a web-compliant
> replacement
> >> for TLS CCA, WebID won't ever catch on.  I have no faith in W3C for
> taking
> >> any action on this since not even the requirements have ever been
> discussed.
> >> TLS is a sacred cow.
> >>
> >> Fortunately Google hadn't any problems slaughtering this poor creature
> >> when they started their U2F project which have created a hype I haven't
> >> seen before during my 15Y+ in the "id-business".  It didn't take an
> >> eternity either.
> >>
> >> Anders
> >> grumpy old fart with a mission
> >>
> >>
Received on Saturday, 3 May 2014 09:47:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC