Re: HTTPS Client Certificate Authentication - Browser Implementation Guidelines

On 5/18/14 4:01 AM, Anders Rundgren wrote:
> If the WebID folks including TimBL believe that the only problem is the UI, the most
> logical thing to do would be creating a document like the subject line suggests.
>
> There is a risk that the vendors will simply laugh at such a request,  but that's much
> better than promising improvements that so far haven't even been acknowledged by
> those who are supposed to implement them.

Look, WebID, WebID-Profile Documents, WebID-TLS are standards. These 
standards build on other standards. Adoption is not by prescription. 
Adoption is a function of opportunity costs.

>
> I would personally be very interested in hearing what the "right" session inactivity
> timeout for logout is.  Client-side enforced logout requires TCP reset.

You can ask Apple about that in regards to their implementation.

If you are curious about "new session initialization" in a browser, you 
can ask Microsoft about that in regards to their implementation.

None of these issues have anything to do with the open standards and 
specs that people are working on re. WebID, WebID-Profile Document, 
WebID-TLS.

>
> Anders
>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Sunday, 18 May 2014 16:19:35 UTC