Re: Simple Page-Owner Token (SPOT) Authentication

On 11/18/14 9:42 PM, Sandro Hawke wrote:
> On 11/12/2014 01:01 AM, Anders Rundgren wrote:
>> On 2014-11-12 05:36, Sandro Hawke wrote:
>>> On 11/10/2014 06:39 AM, Melvin Carvalho wrote:
>>>> Just wanted to highlight this interesting work from sandro
>>>
>>> Thanks. I should say the design came out of discussions with
>>> Andrei Sambra, trying to avoid the problems with poor browser
>>> support of client certificates.
>>
>> Sandro, that's a very interesting statement since the W3C is just 
>> about to launch
>> a continuation of WebCrypto which indeed may be focused on 
>> certificates and browsers!
>>
>
> I'm just speaking for myself as a user and software developer; I'm not 
> involved in that W3C work.  My feeling is the UX is terrible. My 
> understanding is the only people who ever use it are people without a 
> choice, like enterprise employees and university students.  What 
> fraction of consumer websites use client certs for user 
> authentication?   I've never seen one.   I think that's because the UX 
> is so bad.
>
>       -- Sandro 

Sandro,

If users are clueless about what they are doing, no amount of UX + UI 
will solve that. This issue isn't just about browser implementations, 
it's about the combined effects of understanding (on the parts of users 
and app developers), UX, and UI.

Focusing on the "UI/UX is bad" narrative will not fix anything. Which is 
akin to the "RDF tools are bad" narrative.

Why don't we try a little harder in regards to exploiting the pinhole 
that TLS CCA offers? We've done that, and had success [1].

Users don't have a major problem with TLS CCA once they understand 
what's happening. Like many things (in my experience) it's developers 
that are once again jumping to their own conclusions on behalf of 
end-users.


[1] http://youid.openlinksw.com -- Certificate Generator that produces 
Certs that make TLS CCA interactions easier to understand (New HTML 
version will soon be released).

-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Wednesday, 19 November 2014 13:17:04 UTC