W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Should WebIDs denote people or accounts?

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sat, 17 May 2014 20:38:00 +0200
Message-ID: <5377AC88.3060803@gmail.com>
To: public-webid@w3.org
On 2014-05-17 20:17, Kingsley Idehen wrote:
<snip>
>>
>> TLS may be used although banks usually bypass the standard solution for the
>> fact that is is incomplete from their perspective including missing support
>> for PIN-code protected keys for on-line provisioned certificates. Netscape's
>> 1995 two-week student hack (HTML5's keygen) doesn't really cut it.
> 
> As I've told you repeatedly, this too is inaccurate. You are looking at 
> things from a very specific perspective (programming of PKI applications 
> pre Web) that you've rendered immutable. Until you loosen your 
> worldview, we will continue to loop on this matter.

HTTPS Client Certificate Authentication using "soft tokens" as
featured in Firefox, Chrome, MISE and Safari doesn't offer PIN-code
protected credentials which is a prerequisite in the bank-world.

In addition, the banks I talk about have at least FOUR MAGNITUDES
more users than WebID-TLS.  That they don't participate in W3C is
strange but OTOH, I don't see much (if any...) browser vendor
interest in WebID or WebPayments so it would be pointless for
banks to join at this stage.  It would be interesting to hear
what the W3C think about this.

Anders
Received on Saturday, 17 May 2014 18:38:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC