- From: Dan Brickley <danbri@danbri.org>
- Date: Tue, 14 Jul 2009 09:20:29 +0200
- To: Toby A Inkster <tai@g5n.co.uk>
- CC: Kaliya <kaliya@mac.com>, public-xg-socialweb@w3.org
On 13/7/09 21:16, Toby A Inkster wrote: > On 13 Jul 2009, at 18:31, Kaliya wrote: > >> The think I am confused about when you propose this is that your >> browser becomes a "beacon" giving away your identifier to who ever >> asks. Maybe I am not understanding how this [FOAF+SSL] works but when >> Kingsley explained it to me at the Sem Web conference this is what I >> "got" > > > Your browser should pop up a dialogue box asking which certificate you > wish to use when you visit a website. If you hit "cancel" then the web > site may decide to give you anonymous access, or may decline to give you > access - it's their choice. If most people don't know what a browser is (eg. see http://www.youtube.com/watch?v=o4MwTvtyrUQ ), can we expect them to "do the right thing" when asked to choose a certificate? Can we train them to behave well on shared or public machines? Can they understand the various risks and the extent of their privacy exposure? Nearby in the Web: http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf Also http://blog.johnath.com/2008/04/16/security-ui-in-firefox-3plus1/ from a Firefox guy has some thoughts (scroll down a bit) on user certificates: """In North America (outside of the military, at least) client certificates are not a regular matter of course for most users, but in other parts of the world, they are becoming downright commonplace. As I understand it, Belgium and Denmark already issue certs to their citizenry for government interaction, and I think Britain is considering its options as well. We’ve fixed some bugs in that UI in Firefox 3, but I think it’s still a second-class UI in terms of the attention it has gotten, and making it awesome would probably help a lot of users in the countries that use them. If you have experience and feedback here, I would welcome it.""" (subsequent comments in the blog add South Korea, Slovenia,...). Also http://blog.johnath.com/2009/07/07/privacy-features-in-firefox-3-5/ -> http://blog.mozilla.com/faaborg/2009/06/30/firefox-35-and-privacy/ and http://support.mozilla.com/en-US/kb/Managing+Profiles which have some more information about multiple-profiles in Firefox (ie. addressing the shared machine concern I raised above). No easy answers here. Certs are on the rise, they're hard to use, but things are improving... cheers, Dan
Received on Tuesday, 14 July 2009 07:21:14 UTC