W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Releasing RWW.IO

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 03 May 2014 13:42:29 +0200
Message-ID: <5364D625.4020406@gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
CC: Andrei Sambra <andrei.sambra@gmail.com>, public-webid <public-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>
On 2014-05-03 13:19, Melvin Carvalho wrote:
> 
> 
> 
> On 3 May 2014 10:08, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
> 
>     Now I have tried it out as well including the micro-blogging.
> 
> 
> Awesome.  I typed your name "A n d e r" into the channel finder and your webid came up after about 3 letters.  I'm now following you.
>  
> 
>     It was cool with one exception, TLS CCA (Client Certificate Authentication)
> 
>     Logging in to http://cimba.co required me to select certificate twice and
>     from a pretty long list of non-WebID certificates.
> 
>     Unless W3C gets their act together and creates a web-compliant replacement
>     for TLS CCA, WebID won't ever catch on.  I have no faith in W3C for taking
>     any action on this since not even the requirements have ever been discussed.
>     TLS is a sacred cow.
> 
> 
> I think there's a slight distinction between WebID and WebID+TLS.
> 
> WebID itself is independent of the auth mechanism.

Yes, this enhancement was introduced as a "workaround".

> 
> One hope was that mozilla labs would help with the UX, as below.
> 
> http://www.azarask.in/blog/post/identity-in-the-browser-firefox/ <http://www.azarask.in/blog/post/identity-in-the-browser-firefox/>

That's where it gets wrong, there is no UX problem to solve. It is the
underpinning TLS CCA scheme that is the sole culprit which is why Google,
Microsoft, Paypal, RSA, ARM (!), etc. abandoned it in favor of U2F.

Your best option at this stage is probably defining a WebID-U2F profile.

Personally, I'm not overly interested in U2F, it is much simpler making
client-side X.509 "web-compatible" by building on the already established
schemes out there.

Anders

> 
> 
>     Fortunately Google hadn't any problems slaughtering this poor creature
>     when they started their U2F project which have created a hype I haven't
>     seen before during my 15Y+ in the "id-business".  It didn't take an
>     eternity either.
> 
>     Anders
>     grumpy old fart with a mission
> 
> 
> 
Received on Saturday, 3 May 2014 11:43:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC