Re: Position Paper for W3C Workshop on Identity

The user can create and control his own, self sign his certificates,
and if needed use short lived, throwaway ones.
Control his own what? "The user can create and control his own, self
signed certificates" maybe?

The selected X509 certificate is sent back
Be more precise than "sent back": i.e. the browser sends the selected
certificate to the server. The following shows an excerpt of the

The indentation of the last 2 lines looks odd, they should be indented
further right than the line above them:
X509v3 extensions:
 X509v3 Subject Alternative Name:

Do you mean to have a yellow background? A box around it would
probably look better.

Make sure you're using the same WebID for Bob, the certificate
specifies and further in 6. you use

The point 7. is beyond the WebID authentication realm but that's good
to give an idea of the type of things you can do once you have a
WebID. I wonder if this could be made optional though, as otherwise it
might make the reader think that WebID requires having a whole FOAF
network - quite the opposite, you can start using WebID with just one
WebID URI and a public key in your profile document (as simple as

Passwords are difficult to remember or they are bad
What do you mean by passwords being bad? Because they are made too
weak to be easier to remember? Or are you criticizing the whole
concept of using passwords?

as shipped in current browser

solving the trust problem - the biggest issue of WebID
The biggest issue of WebID is the trust problem? You probably mean
that the biggest issue WebID solves is the trust problem?

Make sure to spell OpenID with uppercase ID: s/OpenId/OpenID

OpenId is especially important for a number of devices (cell phones
often) that have not implemented client side certificates properly.
I would add 'yet' so it reads "that have not yet implemented client
side certificates properly", giving hope that they will in the future,
and emphasizing that it is something that can be fixed by the browser

The browser could then make use of the information found in the WebID profile
This WebID anchor can then be used by browsers
Firefox Weave does not use WebID yet, right? So be consistent with
could/can. I believe you want to use could here, otherwise 'can'
implies it is already available...

With the rollout of critical infrastructure element such as DNSsec and
IPV6 WebID should rise
Add a comma after IPV6

 that encompass everything from to personally controlled identities
s/from to/from

role playing and employee identities
What's a role playing identity???

The HTML is not very clean and several spaces break the read flow at times....


On Fri, Apr 22, 2011 at 6:42 AM, Henry Story <> wrote:
> From yesterday's comments I have now tweaked the paper to the following
> I think we really are there, it reads very well now, is clear, open to new protocols (ldap included),
> makes friends in the TLS, dane, openid and freedom box community, whilst also showing
> the government how they can get some of what they want for little cost (important
> in the government cut back season, when Democratic presidents have to work with Republicans).
> I'll start passing this to members of this group who are not participating
> here so actively, probably due to combined reason of volume of mail and
> holiday season, to see if we can get some other feedback, some other points of
> views.
> We can review some of this on Monday.
> Henry

Received on Saturday, 23 April 2011 13:52:36 UTC