- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 03 May 2014 16:45:51 +0200
- To: Andrei Sambra <andrei.sambra@gmail.com>
- CC: public-webid <public-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>
On 2014-05-03 15:43, Andrei Sambra wrote: > > I think there's a slight distinction between WebID and WebID+TLS. > > > > WebID itself is independent of the auth mechanism. > > Yes, this enhancement was introduced as a "workaround". > > > Not at all. You must still be reasoning in terms of WebID = TLS CCA. > WebID is all about identifiers and identity (it's written in the spec, really), > whereas WebID-TLS deals with authentication. It was never an "enhancement", nor a "workaround". We can call it whatever we like, the user-experience offered by WebID as featured on http://cimba.co web doesn't meet reasonable user expectations and as see it it never will unless you use another authentication method like FB Connect. However, in addition to likely bringing in the NASCAR syndrome (to cope with other IDPs), FB Connect is essentially the opposite to decentralized so from my perspective WebID appears as "not ready for prime-time". If it is of any comfort, the Web Payment folks suffer from the same problem, i.e. a lack a suitable authentication system combining convenience AND security. Cheers, Anders
Received on Saturday, 3 May 2014 14:46:33 UTC