- From: Brian Allen Vanderburg II <brianvanderburg2@aim.com>
- Date: Tue, 27 May 2014 13:08:02 -0400
- To: public-webid@w3.org
- Message-ID: <5384C672.3080900@aim.com>
As a person using many different accounts to different sites, having a lot of usernames and passwords can be a real pain. As a result, I like the ideas I've seen with concepts like OpenID and WebID. I do have one question/idea that I would like to know about that could improve it. OpenID requires third party identity providers. That means that I don't really "own" my identity, instead another group owns my identity. If, for some reason, that server is unavailable, I can't use that identity. Or if that server gets compromised, then my identity, along with others, may also become compromised. One idea I've had in the past would be a system similar to SSH private key logins. With SSH, I own my identity by owning my private key file. I can put the same public key on multiple systems, and log in using that one private key file. It doesn't depend on any external third party groups, only my client and the server I am connected to. I'm only vaguely familiar with WebID. It seems like it works by storing a client certificate on the user's computer. But it still seems to require a public server for access to the WebID foaf.rdf file. Would it not be possible for a client/browser to implement it's own way of storing that file and sending it to a server when attempting to use WebID for authentication and login, so that it would remove the need of some hosting provider or server from storing it. The idea there would be to allow the user to own their identity entirely, without any need of an external provider or server to host the file, perhaps allowing for ID by the key fingerprint. Brian Vanderburg II
Received on Tuesday, 27 May 2014 17:10:33 UTC