Re: FYI: Blog post about Web of Identities from Dan Brickley on 2009-07-14 (public-xg-socialweb@w3.org from July 2009)

From: Dan Brickley <danbri@danbri.org>
Date: Tue, 14 Jul 2009 09:20:29 +0200
To: Toby A Inkster <tai@g5n.co.uk>
CC: Kaliya <kaliya@mac.com>, public-xg-socialweb@w3.org
Message-ID: <4A5C31BD.2000903@danbri.org>

On 13/7/09 21:16, Toby A Inkster wrote:
> On 13 Jul 2009, at 18:31, Kaliya wrote:
>
>> The think I am confused about when you propose this is that your
>> browser becomes a "beacon" giving away your identifier to who ever
>> asks. Maybe I am not understanding how this [FOAF+SSL] works but when
>> Kingsley explained it to me at the Sem Web conference this is what I
>> "got"
>
>
> Your browser should pop up a dialogue box asking which certificate you
> wish to use when you visit a website. If you hit "cancel" then the web
> site may decide to give you anonymous access, or may decline to give you
> access - it's their choice.

If most people don't know what a browser is (eg. see 
http://www.youtube.com/watch?v=o4MwTvtyrUQ ), can we expect them to "do 
the right thing" when asked to choose a certificate? Can we train them 
to behave well on shared or public machines? Can they understand the 
various risks and the extent of their privacy exposure?

Nearby in the Web: http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf

Also http://blog.johnath.com/2008/04/16/security-ui-in-firefox-3plus1/ 
from a Firefox guy has some thoughts (scroll down a bit) on user 
certificates:

"""In North America (outside of the military, at least) client 
certificates are not a regular matter of course for most users, but in 
other parts of the world, they are becoming downright commonplace.  As I 
understand it, Belgium and Denmark already issue certs to their 
citizenry for government interaction, and I think Britain is considering 
its options as well.  We’ve fixed some bugs in that UI in Firefox 3, but 
I think it’s still a second-class UI in terms of the attention it has 
gotten, and making it awesome would probably help a lot of users in the 
countries that use them.  If you have experience and feedback here, I 
would welcome it."""
(subsequent comments in the blog add South Korea, Slovenia,...).

Also http://blog.johnath.com/2009/07/07/privacy-features-in-firefox-3-5/
-> http://blog.mozilla.com/faaborg/2009/06/30/firefox-35-and-privacy/
and http://support.mozilla.com/en-US/kb/Managing+Profiles
which have some more information about multiple-profiles in Firefox (ie. 
addressing the shared machine concern I raised above).

No easy answers here. Certs are on the rise, they're hard to use, but 
things are improving...

cheers,

Dan

Received on Tuesday, 14 July 2009 07:21:14 UTC