Re: Microsoft's Information Cards. Was: UI for client cert selection (Was: Releasing RWW.IO)

On 5/6/14 4:22 PM, Anders Rundgren wrote:
> On 2014-05-06 21:02, Kingsley Idehen wrote:
> <snip>
>>>> Anders,
>>>>
>>>> Once you delve a litter deeper into RDF based Linked Data prowess, you
>>>> will be more hopeful.
>>>>
>>>> I don't share your pessimism, and I've used every piece of technology to
>>>> which you've made reference thus far.
>>> Yes, the WebID group is like Microsoft stuck in an ever-lasting "denial" state.
>>>
>>> Fortunately, the world at large has moved on.
>> On to what?
> Since WebID-TLS never delivered what it promised, the opposite in the form of
> Facebook, Google and similar super-provider in China have become the de-facto
> standard for social network login.

WebID-TLS isn't a promise. It's a solution that makes PKI Webby and 
entity relations semantics savvy (via RDF).

>
>> The identity and privacy issues remain, even more so today. The big
>> social media networks don't have a solution, or what am I missing here?
>> A solution is one in which you (not them) control:
>>
>> 1. your identity
>> 2. calibration of your vulnerabilities online.
> This was pretty much what Microsoft tried to do with Information Cards as
> well but it failed.

As someone who's worked with Microsoft technology (in many guises) for 
20+ years, I can tell you that Passport failed because it was yet 
another technology based silo vector i.e., it was a Windows lock-in play 
that failed, as will always be the case.

>   IMO, because it was dogmatic, inflexible and didn't
> consider those who had already invested heavily in X.509 client certs.

No, it was all about Windows specificity hence the failure.


>
>
>>> Personally, I believe that the primary designer of U2F, Google, prematurely dismissed
>>> traditional X.509 client certificates as a useless and privacy-impeding technology.
>> Yes, that's a personal view, so who knows? :-)
>>
>>> Could this maybe have something to do with HTML5's <keygen> as well?
>>> To my knowledge no mobile bank is using this piece of junk which is the current
>>> enrollment solution in Android. iOS doesn't support <keygen> although Apple was
>>> very keen that it became a W3C standard :-)
>> Apple doesn't need <keygen/> . It knows how to handle crypto data. It
>> also knows a lot about UI and UX.
> Apple's counterpart to <keygen/> doesn't match banks requirements neither
> regarding the UX nor functionality.

Apple has Keychain. It doesn't require <keygen/> .

>   It's not even possible to assign a
> PIN to a key.

"assign" is about "association" (relation or connection). That's 
achieved via relation semantics represented in structured data build 
using open standards.


Kingsley
>
>
>>> As I see it, the X.509 client-side-cert journey have just begun!
>>> The predecessors disappeared somewhere along the road and no search-party were ever sent out...
>>>
>>> That's optimism :-)
>> X.509 + HTTP URIs == Webby PKI (or PKI webized). That's what's going to
>> win out, ultimately. Nothing to do with my prediction capabilities,
>> everything to do with the dexterity inherent in the aforementioned
>> infrastructure and the identity combined with identity + privacy issues
>> tsunami headed the way of all the current social media behemoths. Ditto
>> the banks.
> Building a decentralized system is technically much more difficult than
> a centralized system regardless of what it does.
>
> Paypal and Google can with ease deploy strong authentication using U2F,
> something their distributed counterparts (like banks) cannot since they
> haven't any suitable technology for doing that.
>
> Nothing will happen until the above is a fact based on conventional wisdom
> which says that things must screw-up completely to make change inevitable.
>
> I leave it to TimBL to call for proposals.
>
> Anders
>
>>
>> Kingsley
>>> Anders
>>>
>>>
>>>
>>>
>>
>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen