Re: Webkeys, OpenID, WebID, OAuth etc..

On 21 April 2013 21:15, Henry Story <henry.story@bblfish.net> wrote:

>
> On 21 Apr 2013, at 20:17, Dave Longley <dlongley@digitalbazaar.com> wrote:
>
> > On 04/21/2013 09:18 AM, Henry Story wrote:
> >>
> >> ... your initial implementation was not a
> >> WebID over TLS implementation at all.
> >
> > This is false and perhaps even inflammatory at this point. We've had
> this discussion many times; each time you were disinterested in
> understanding the implementation we did. However, your disinterest had
> nothing to do with the technical merits of the implementation or its
> adherence to how WebID over TLS was described at the time.
> >
> > Our implementation was of a TLS client that used a TLS client-side
> certificate with an alternate name that was a URL that the authentication
> server accessed to obtain the same public key in the client-side
> certificate given during the TLS handshake.
>
> Ah I remeber. One part of it was WebID over TLS, with javascropt
> implementation of TLS. But not having access to the X509
> certificates you had to build a very complicated non decentralised
> protocol around it. I am not sure where the crypto in
> the browser stuff is going, but that's the only hope for that type of
> approach. And since that was not finished, we did
> not make it our priority.
>
> Of course you have a different use case. But for that the certificate
> ontology could still be useful.
>

By the way if you want to see key provisioning in the browser that works
without crypto API, take a look at the open source client at

https://ripple.com/

This is a client that needs to be as strong, if not stronger, than online
banking.  So it shows that it can be done.


>
> > -Dave
> >
> > --
> > Dave Longley
> > CTO
> > Digital Bazaar, Inc.
> >
>
> Social Web Architect
> http://bblfish.net/
>
>