Re: Identity and verifying who you're talking to from Francois Daoust on 2011-11-10 (public-webrtc@w3.org from November 2011)

From: Francois Daoust <fd@w3.org>
Date: Thu, 10 Nov 2011 11:26:03 +0100
To: Harald Alvestrand <harald@alvestrand.no>
CC: Eric Rescorla <ekr@rtfm.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <4EBBA6BB.5040005@w3.org>

On 11/10/2011 10:57 AM, Harald Alvestrand wrote:
> On 11/10/2011 06:34 AM, Eric Rescorla wrote:
>> I've been thinking about this a bunch and I'm happy to volunteer, as
>> long as you're
>> OK with it being someone who's not a WG member.
>
> Thank you!
> Mahalingam Mani already organized a workshop on this at TPAC on Wednesday (that day was done "unconference" styile), and has volunteered to take the lead as a WG member. I'm sure you can work on this together.

As potential food for the discussion, note the report of this unconference style breakout session is available at (PDF format):
  http://www.w3.org/wiki/images/6/6a/IdentityBreakout.pdf

The minutes are also available:
  http://www.w3.org/2011/11/02-identity-minutes.html

Francois.

PS: these links appear on the Technical Plenary day agenda for those of you interested in reviewing other breakout sessions:
  http://www.w3.org/wiki/TPAC2011#Session_Grid



>> -Ekr
>>
>>
>> On Wed, Nov 9, 2011 at 8:55 AM, Harald Alvestrand<harald@alvestrand.no> wrote:
>>> In the minutes from TPAC, there was a long section on identity: If you want
>>> to verify who you're talking to, what namespace are you actually verifying
>>> the identity against, and how is that mapped onto observable fields in
>>> protocols, and from there to stuff that's visible on the API?
>>>
>>> A lot of the discussion is here:
>>>
>>> http://www.w3.org/2011/11/01-webrtc-minutes.html#item06
>>>
>>> I'd very much welcome if someone could pick up this action and present some
>>> actionable proposals for it:
>>>
>>> - How do we verify identity without tying ourselves to one specific identity
>>> framework?
>>> - What functions in our channel setup mechanism (DTLS-SRTP hashes???) do we
>>> use for communicating info that lets us verify the identity?
>>> - What are the requirements for the UI that result from such a verification
>>> mechanism?
>>>
>>> Volunteers?
>>>
>>> Harald, for the chairs
>>>
>>>
>>>
>>>
>>
>
>
>

Received on Thursday, 10 November 2011 10:26:32 UTC