
Re: Question/idea: Self-contained WebID

From: Daniël Bos <corani@gmail.com>
Date: Wed, 28 May 2014 13:20:11 +0800
To: Kingsley Idehen <kidehen@openlinksw.com>,public-webid@w3.org
Message-ID: <8597b08f-88f4-409d-b1a1-718572b582a9@email.android.com>

On May 28, 2014 2:22:22 AM GMT+08:00, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>On 5/27/14 1:08 PM, Brian Allen Vanderburg II wrote:
>> As a person using many different accounts to different sites, having a
>> lot of usernames and passwords can be a real pain.  As a result, I like
>> the ideas I've seen with concepts like OpenID and WebID.  I do have one
>> question/idea that I would like to know about that could improve it.
>>
>> OpenID requires third party identity providers.  That means that I don't
>> really "own" my identity, instead another group owns my identity.  If,
>> for some reason, that server is unavailable, I can't use that identity.
>> Or if that server gets compromised, then my identity, along with others,
>> may also become compromised.
>>
>> One idea I've had in the past would be a system similar to SSH private
>> key logins.  With SSH, I own my identity by owning my private key file.
>> I can put the same public key on multiple systems, and log in using that
>> one private key file.  It doesn't depend on any external third party
>> groups, only my client and the server I am connected to.
>>
>> I'm only vaguely familiar with WebID.  It seems like it works by storing
>> a client certificate on the user's computer.  But it still seems to
>> require a public server for access to the WebID foaf.rdf file. Would it
>> not be possible for a client/browser to implement its own way of
>> storing that file and sending it to a server when attempting to use
>> WebID for authentication and login, so that it would remove the need of
>> some hosting provider or server from storing it.  The idea there would
>> be to allow the user to own their identity entirely, without any need of
>> an external provider or server to host the file, perhaps allowing for ID
>> by the key fingerprint.
>>
>> Brian Vanderburg II
>
>Welcome to WebID, the community.
>
>To answer your fundamental question, the answer is yes. WebID,
>WebID-TLS, WebID-Profile, and WebACLs are all about loosely coupling the
>critical pieces that collectively facilitate identity controlled and
>managed by you.
>
>Your local digital identity card (x.509 cert) and your public profile data
>(wherever *you* choose to store that) are linked semantically. Thus, it's
>the semantics of the association (between the aforementioned artifacts)
>that controls everything rather than the whims, worldviews, or biases of
>a specific service provider.
>
>BTW -- There are even applications that showcase what's outlined above,
>today [1][2].
>
>
>[1] http://bit.ly/SLEqjt -- YouID for Android devices
>
>[2] http://bit.ly/17rnUpb -- YouID for iOS devices
>
>--
>
>Regards,
>
>Kingsley Idehen
>Founder & CEO
>OpenLink Software
>Company Web: http://www.openlinksw.com
>Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>Twitter Profile: https://twitter.com/kidehen
>Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>LinkedIn Profile: http://www.linkedin.com/in/kidehen

OpenID can actually run locally, since the browser handles all the redirects. In the past I've used an OpenID provider running on localhost. This could just as easily have been baked into the browser.
--
Best regards,
Daniël Bos


Your government is reading your email. Slow them down with encryption.

My public key: http://goo.gl/gms497 (4096 bit RSA, id EF2D5D91)
Fingerprint  : D8D0 9FBE F075 F709 7B52  2F73 326C 2123 EF2D 5D91
Received on Wednesday, 28 May 2014 05:20:38 UTC
