W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: UI for client cert selection (Was: Releasing RWW.IO)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 4 May 2014 11:59:51 +0200
Message-ID: <CAKaEYhJz8FdUVcqjFgq90Z=M59FbMUEAOmZhSw79_c8+fR8eVw@mail.gmail.com>
To: Tim Berners-Lee <timbl@w3.org>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Andrei Sambra <andrei.sambra@gmail.com>, public-webid <public-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>
On 3 May 2014 20:51, Tim Berners-Lee <timbl@w3.org> wrote:

> On 2014-05 -03, at 10:45, Anders Rundgren <anders.rundgren.net@gmail.com>
> wrote:
> >
> > We can call it whatever we like, the user-experience offered by WebID as
> featured
> > on http://cimba.co web doesn't meet reasonable user expectations [..]
> So imagine the browser was going to be changed to make that better.
> People seem to widely agree that the client-side cert UI is bad on browsers
> Can we at least do a thought experiment to be in a world where it is fixed
> -- what would that look like?
> Maybe things like:-
> - Allowing the user to click a check box on "Always use this persona
> (client-side cert) with this web site (domain)"
> - Allowing a preferences access to manage the persona/website allocation
> matrix
> - Allow more screen space for selecting those certs
> - Allow a user to label, color, and suppress certs in the list
> - By default, not including expired certs in the list
> - Tracking which persona is in use on this website (only when a user has
> more than one) in the URL bar

When geolocation was added to the browser, it was possible for browser to
request your location.

Perhaps requesting your identity can work the same way.
- Allow Once
- Allow always for this site
- Dont allow

I suspect most people will start with a single identity, and if it catches
on might stabilize around 2-3, just like email address usage.

For those users you could have a selection process that lets you select a
name/avatar card like picture that you'd like to present to that site.
Mozilla actually coded this up and were going to take it forward as
"Identity in the browser" some years ago.


Unfortunately this solution never made it out of mozilla labs.  Instead,
they went with verified email (Persona), which did not gain the adoption
that Mozilla was aiming at.

> and so on.  Maybe is someone sketched the UI then a browser code could be
> persuaded to do it.
> It is necessary for existing client side cert sites anyway, and would
> maybe make the cimba.co experience
> quite reasonable.
> timbl
Received on Sunday, 4 May 2014 10:00:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC