Re: Question about "TLS CCA Session" versus "Web Session"

On 5/12/14 4:07 PM, Andrei Sambra wrote:
> Hi,
>
> On Mon, May 12, 2014 at 12:01 PM, Kingsley Idehen 
> <kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>> wrote:
>
>     On 5/12/14 11:47 AM, Melvin Carvalho wrote:
>>
>>
>>
>>     On 12 May 2014 16:30, Kingsley Idehen <kidehen@openlinksw.com
>>     <mailto:kidehen@openlinksw.com>> wrote:
>>
>>         On 5/12/14 9:41 AM, Timothy Holborn wrote:
>>
>>             If a user has a static IPv6 address, can that be linked
>>             to a WebID?
>>
>>
>>         Yes!
>>
>>         And at that point the utility of WebID re,. Internet of
>>         Things (IoT) will become even clearer. Today, we are looking
>>         at WebIDs and their effect on one kind of Agent i.e., a
>>         Person. There's much more to come in the Machine-Machine
>>         (M2M) realm of IoT.
>>
>>
>>     +1000
>>
>>     M2M is the next frontier.  Very exciting, and slightly scary! :)
>
>     Not scary if all your data (represented by RDF statement graphs)
>     are deemed private by default.  Thus, your ACLs (or policies)
>     ultimately control data access.
>
>     A genuine fear is that vendors will make your broadly accessible
>     to others by default using UX patterns disguised as convenience.
>
>
> At this point, my personal feeling is that WebID-TLS is probably the 
> best authentication protocol for M2M. While asymmetric crypto has a 
> certain appeal to me for authentication, we all agree that currently 
> the UX is really bad. If we think about it for a second, in a word 
> where M2M is the defacto operation mode, people can simply fallback to 
> username/password authentication. They only need to remember/manage a 
> single pair of credentials.

Remembering a single pair of credentials never ends up being that, as 
the numerous security breaches demonstrate frequently. Managing 
credentials is a nightmare for end-users since "one size doesn't fit 
all" e.g., your preferred password may not work for all the providers. 
Locally, your preferred password may no longer even work for you 
device's host OS. And in some cases, your preferred password is your 
biggest vulnerability.
>
> Things are starting to become interesting!

RDF + Linked Data + a variety of authentication protocols (including 
WebID-TLS) are the way forward, due to the inherent complexity of this 
matter.  Ultimately, simply being like the Web (i.e., webby) is the key 
to addressing these issues via loosely coupled infrastructure.

UX is complex in the simplest of situations, and ultra complex when 
dealing with identity matters. Basically, situations vary and the 
end-user being served is another cognitive being endowed with the 
ability to see things through their own unique "context lenses". 
End-users only access constrained UX while unengaged. Once engaged, the 
initial constrained UX becomes a major headache. In the eyes of a 
programmer, this is when the erstwhile (meek or even dumb) end-user 
transitions from a "controlled customer" to a nightmare that will drain 
your maintenance and support resources as you try to reduce the 
opportunity costs associated with "lost customers" and bad-will.

As I've already demonstrated [1], the browser UI/UX issue is 
diminishing. The problem browsers at this time are:

1. Chrome -- typically used by programmers / developers and a minority 
of power-users
2. Opera -- typically used by a few programmers and a few power-users.

Safari (Mac OS X and iOS), IE, and Firefox (which has the poorest UI) 
all work fine in regards to TLS CCA whereby the user can switch 
identities without restarting the browser.

Chrome and Opera will get better because neither wants to lose out to 
its competitors in the browser related features arms race.

[1] http://id.myopenlink.net/ods/webid_demo.html -- simple WebID-TLS 
based WebID verification service that enables testing of TLS CCA state 
of art across browsers.

Kingsley
>
> -- Andrei
>
>     -- 
>
>     Regards,
>
>     Kingsley Idehen 
>     Founder & CEO
>     OpenLink Software
>     Company Web:http://www.openlinksw.com
>     Personal Weblog:http://www.openlinksw.com/blog/~kidehen  <http://www.openlinksw.com/blog/%7Ekidehen>
>     Twitter Profile:https://twitter.com/kidehen
>     Google+ Profile:https://plus.google.com/+KingsleyIdehen/about
>     LinkedIn Profile:http://www.linkedin.com/in/kidehen
>
>
>
>
>


-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen