W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Question/idea: Self-contained WebID

From: Brian Allen Vanderburg II <brianvanderburg2@aim.com>
Date: Tue, 27 May 2014 13:08:02 -0400
Message-ID: <5384C672.3080900@aim.com>
To: public-webid@w3.org
As a person using many different accounts to different sites, having a
lot of usernames and passwords can be a real pain.  As a result, I like
the ideas I've seen with concepts like OpenID and WebID.  I do have one
question/idea that I would like to know about that could improve it.

OpenID requires third party identity providers.  That means that I don't
really "own" my identity, instead another group owns my identity.  If,
for some reason, that server is unavailable, I can't use that identity. 
Or if that server gets compromised, then my identity, along with others,
may also become compromised.

One idea I've had in the past would be a system similar to SSH private
key logins.  With SSH, I own my identity by owning my private key file. 
I can put the same public key on multiple systems, and log in using that
one private key file.  It doesn't depend on any external third party
groups, only my client and the server I am connected to.

I'm only vaguely familiar with WebID.  It seems like it works by storing
a client certificate on the user's computer.  But it still seems to
require a public server for access to the WebID foaf.rdf file. Would it
not be possible for a client/browser to implement it's own way of
storing that file and sending it to a server when attempting to use
WebID for authentication and login, so that it would remove the need of
some hosting provider or server from storing it.  The idea there would
be to allow the user to own their identity entirely, without any need of
an external provider or server to host the file, perhaps allowing for ID
by the key fingerprint.

Brian Vanderburg II


Received on Tuesday, 27 May 2014 17:10:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC