- From: Tim Holborn <timothy.holborn@gmail.com>
- Date: Tue, 17 Jun 2014 12:24:39 +1000
- To: Dave Longley <dlongley@digitalbazaar.com>
- Cc: Web Payments CG <public-webpayments@w3.org>
- Message-Id: <8329D754-B797-4ABD-9D64-574233D46171@gmail.com>
On 17 Jun 2014, at 1:41 am, Dave Longley <dlongley@digitalbazaar.com> wrote: > On 06/15/2014 09:36 PM, Manu Sporny wrote: >> On 06/15/2014 08:21 PM, Kingsley Idehen wrote: >>> On 6/10/14 7:21 PM, Dave Longley wrote: >>>>> Okay, but I am also demonstrating to you that competitive >>>>> pressures and >>>>>> "opportunity costs" are the keys to getting browser vendors to >>>>>> respond. Right now we have IE, Firefox, and Safari working >>>>>> fine, which leaves Opera and Chrome. >>>>>> >>>>>> The top browsers across desktop, notebooks, tablets, palmtops, >>>>>> and phones don't have a TLS CCA problem. >>>> "Working fine" is subjective. I disagree that there isn't a TLS >>>> CCA problem, but, like Manu, won't argue the point and will wait to >>>> see if WebID+TLS gains any traction. >>>> >>>> >>> "Working fine" means that across IE, Safari, and Firefox, I can >>> demonstrate the fact that you don't have to restart any of the >>> aforementioned browsers in a quest to change the identity of the >>> agent seeking at access a protected resource. >> >> Yes, that's demonstrably true. That's also not what is broken with >> WebID+TLS. :) > > +1. The crux of the matter with UX and WebID-TLS isn't that it's > *possible* to actually use what most would consider required features > (eg: logout). It's that the *way* you interact with the browser to > create identities, authenticate with websites, be aware of which > identity you've authenticated with, logout, etc. is an unacceptably > clunky, foreign experience that places far behind other technology in > the problem space. > WebID-TLS is being applied to a persona. if it’s applied to a machine that can be linked to an identities; well the machine account doesn’t need to logout during usage…. The URI within WebID-TLS is simply to describe an AGENT - If that agent is the machine, linked to identity credentials (and ideally, an RWW data space) - i don’t see any problems with the spec. just the interpretation… :P > That's, of course, my subjective opinion, but I would expect usability > studies to confirm it. The UX needs to be equivalent or easier than what > people do today with "Sign on with Google/Facebook/etc". It's just not > there yet, IMO. > > > -- > Dave Longley > CTO > Digital Bazaar, Inc.
Received on Tuesday, 17 June 2014 02:27:18 UTC