Re: FYI: Blog post about Web of Identities

On 13 Jul 2009, at 18:31, Kaliya wrote:

> The think I am confused about when you propose this is that your  
> browser becomes a "beacon" giving away your identifier to who ever  
> asks.  Maybe I am not understanding  how this [FOAF+SSL] works but  
> when Kingsley explained it to me at the Sem Web conference this is  
> what I "got"

Your browser should pop up a dialogue box asking which certificate  
you wish to use when you visit a website. If you hit "cancel" then  
the web site may decide to give you anonymous access, or may decline  
to give you access - it's their choice.

However, in some browsers -- particularly if you have exactly one  
certificate installed -- you will not be shown that dialogue box.  
This does raise some anonymity issues, but I tend to see that as a  
browser issue -- the problem has existed for years before FOAF+SSL  
arrived on the scene. If people care about this issue and complain,  
then browser developers will fix it and improve client side SSL  
certificate selection UIs.

Ultimately though, the identifiers used by FOAF+SSL are just opaque  
URLs. The file at the other end of them can include as much or as  
little information about you as you wish to provide. Name? Optional.  
E-mail address? Optional. Shoe size? Yes, if you really want - it's  
up to you!

And you can choose to use different identities for different sites,  
though of course the main motivations for most people in using  
federated identity systems like FOAF+SSL and OpenID are to  
consolidate their identity on the web, and avoid setting up different  
profiles for every service they with to use.

Toby A Inkster

Received on Monday, 13 July 2009 19:16:03 UTC