Re: Browser usability of Certificates - List of issues from Anders Rundgren on 2014-11-21 (public-webid@w3.org from November 2014)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 21 Nov 2014 15:18:21 +0100
To: Andrei Sambra <andrei.sambra@gmail.com>
CC: "henry.story@bblfish.net" <henry.story@bblfish.net>, Mo McRoberts <Mo.McRoberts@bbc.co.uk>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <546F49AD.1010703@gmail.com>

On 2014-11-21 15:12, Andrei Sambra wrote:
>
>
> On Fri, Nov 21, 2014 at 7:37 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     On 2014-11-21 12:58, henry.story@bblfish.net <mailto:henry.story@bblfish.net> wrote:
>     <snip>
>
>         Ok, in your case as you are creating certificates for the BBC (and its partners?),
>         which is a large enough community for these to having meaning. Perhaps an explanation
>         of how you use certificates would be useful. Where do people login with your
>         Certificates? Only on the BBC site? Or also partner sites?
>
>         In general CA requirements make it impossible to use for any
>         company smaller than the BBC. Particularly it makes it useless
>         for individuals or small companies, as without a CA nobody would
>         recognise their certificate. It would only be useable for their
>         own site, in which case username/passwords would be all that is
>         needed.
>
>
>     Henry,
>     PKI (when it works) is just a better version of username/password.
>
> Actually it is a lot more than that, and this is probably the "key" (sic) element you're missing. PKI does not require servers to create and manage usernames/passwords. Instead, it allows for a completely decentralized system based on (a certain level) trust. You _cannot_ create usernames/passwords apriori for the whole planet. :-)

Andrei,

I wasn't referring to WebID or the social web but to the since long time deployed PKIs like the US federal government PKI which are isolated trust networks.

Anders

>
> -- Andrei
>
>
>     How far a specific certificate takes you is identical to any other login mechanism.
>     Enterprise certificates typically aren't used outside of the enterprise.
>
>     If your company is using AD, PKI comes for free as a part of the MSFT package.
>     For this market PKI works reasonably well and this is the only market MSFT cares about.
>
>     Anders
>
>
>
>

Received on Friday, 21 November 2014 14:18:54 UTC