W3C home > Mailing lists > Public > public-webid@w3.org > November 2014

Re: Browser usability of Certificates

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Fri, 21 Nov 2014 09:05:46 +1100
Message-ID: <CAM1Sok2Gc-U=ugJ085=PSD=a2aV-+Uv9JAiWBtF_GN5ftohN2g@mail.gmail.com>
To: "henry.story@bblfish.net" <henry.story@bblfish.net>
Cc: Mo McRoberts <Mo.McRoberts@bbc.co.uk>, "public-webid@w3.org" <public-webid@w3.org>
Mo,

Looking at solutions for TV ATM.  Pursuant to the HbbTV Spec [1], it
appears TV's could be compatible with the WebID Spec.

Whilst i foresee a complication around whether the WebID addresses the TV,
or whether it denotes a person specifically (rather than a TV that is
associated to a group of person/s) it's my view that in this case -
WebID-TLS offers a very neat solution for TV personalisation, especially
if, it's then linked to RWW / LDP platform for storing personalisation
data, etc.

Thoughts?

[1] https://www.hbbtv.org/pages/about_hbbtv/specification.php

On 21 November 2014 05:38, henry.story@bblfish.net <henry.story@bblfish.net>
wrote:

>
> On 19 Nov 2014, at 15:24, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>
>
> On 19 November 2014 14:33, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
>
>> We use TLS CCA within the BBC for access to production services and
>> tools. Thousands upon thousands of people use them regularly. I'm an issuer
>> for third parties who've signed NDAs to get certs, so I also have to deal
>> with them when they get unstuck. I can tell you absolutely categorically
>> that the CCA user experience *is* universally terrible, especially around
>> cert/key management. I know this not because I'm jumping to conclusions on
>> behalf of end-users, but because I have to support the end-users who are
>> using CCA.
>>
>
> Mo, could you drill down into the pain points, in order of what you see as
> the biggest, e.g. auth UI, keys across devices, lost keys, particular
> browsers, etc.
>
>
> +1 that would be very helpful.
> It looks like a big issue you have is due to Certificate Authorities. But
> once WebID removes that, what problems remain?
>
>
>
> Any thoughts on how we could make it better?
>
>
>>
>> M.
>>
>> > On  2014-Nov-19, at 13:16, Kingsley Idehen <kidehen@openlinksw.com>
>> wrote:
>> >
>> > On 11/18/14 9:42 PM, Sandro Hawke wrote:
>> >> On 11/12/2014 01:01 AM, Anders Rundgren wrote:
>> >>> On 2014-11-12 05:36, Sandro Hawke wrote:
>> >>>> On 11/10/2014 06:39 AM, Melvin Carvalho wrote:
>> >>>>> Just wanted to highlight this interesting work from sandro
>> >>>>
>> >>>> Thanks.   I should say the design came out of discussions with
>> Andrei Sambra,
>> >>> > trying to avoid the problems with poor browser support of client
>> certificates.
>> >>>
>> >>> Sandro, that's a very interesting statement since the W3C is just
>> about to launch
>> >>> a continuation of WebCrypto which indeed may be focused on
>> certificates and browsers!
>> >>>
>> >>
>> >> I'm just speaking for myself as a user and software developer; I'm not
>> involved in that W3C work.  My feeling is the UX is terrible. My
>> understanding is the only people who ever use it are people without a
>> choice, like enterprise employees and university students.  What fraction
>> of consumer websites use client certs for user authentication?   I've never
>> seen one.   I think that's because the UX is so bad.
>> >>
>> >>      -- Sandro
>> >
>> > Sandro,
>> >
>> > If users are clueless about what they are doing, no amount of UX + UI
>> will solve that. This issue isn't just about browser implementations, its
>> about the combined effects of understanding (on the parts of users and app
>> developers), UX, and UI.
>> >
>> > Focusing on the "UI/UX is bad" narrative will not fix anything. Which
>> is akin to the "RDF tools are bad" narrative.
>> >
>> > Why don't we try a little harder in regards to exploiting the pinhole
>> that TLS CCA offers? We've done that, and had success [1].
>> >
>> > Users don't have a major problem with TLS CCA once they understand
>> what's happening. Like many things (in my experience) its developers that
>> are once again jumping to their own conclusions on behalf of end-users.
>> >
>> >
>> > [1] http://youid.openlinksw.com -- Certificate Generator that produces
>> Certs that make TLS CCA interactions easier to understand (New HTML version
>> will soon be released) .
>> >
>> > --
>> > Regards,
>> >
>> > Kingsley Idehen
>> > Founder & CEO
>> > OpenLink Software
>> > Company Web: http://www.openlinksw.com
>> > Personal Weblog 1: http://kidehen.blogspot.com
>> > Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
>> > Twitter Profile: https://twitter.com/kidehen
>> > Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>> > LinkedIn Profile: http://www.linkedin.com/in/kidehen
>> > Personal WebID:
>> http://kingsley.idehen.net/dataspace/person/kidehen#this
>> >
>> >
>>
>>
>> --
>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public
>> Space,
>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>>
>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>
>
> Social Web Architect
> http://bblfish.net/
>
>
Received on Thursday, 20 November 2014 22:06:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:50 UTC