- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 21 Nov 2014 13:37:07 +0100
- To: "henry.story@bblfish.net" <henry.story@bblfish.net>, Mo McRoberts <Mo.McRoberts@bbc.co.uk>
- CC: "public-webid@w3.org" <public-webid@w3.org>
On 2014-11-21 12:58, henry.story@bblfish.net wrote: <snip> > Ok, in your case as you are creating certificates for the BBC (and its partners?), > which is a large enough community for these to having meaning. Perhaps an explanation > of how you use certificates would be useful. Where do people login with your > Certificates? Only on the BBC site? Or also partner sites? > > In general CA requirements make it impossible to use for any > company smaller than the BBC. Particularly it makes it useless > for individuals or small companies, as without a CA nobody would > recognise their certificate. It would only be useable for their > own site, in which case username/passwords would be all that is > needed. Henry, PKI (when it works) is just a better version of username/password. How far a specific certificate takes you is identical to any other login mechanism. Enterprise certificates typically aren't used outside of the enterprise. If your company is using AD, PKI comes for free as a part of the MSFT package. For this market PKI works reasonably well and this is the only market MSFT cares about. Anders
Received on Friday, 21 November 2014 12:37:39 UTC