
Re: the openid para

From: Nathan <nathan@webr3.org>
Date: Thu, 28 Apr 2011 14:18:05 +0100
Message-ID: <4DB9690D.5050602@webr3.org>
To: Dan Brickley <danbri@danbri.org>
CC: peter williams <home_pw@msn.com>, public-xg-webid@w3.org

Dan Brickley wrote:
> On 28 April 2011 04:50, peter williams <home_pw@msn.com> wrote:
>> "OpenID reduces the account multiplication issue by allowing users to login
>> to every site using the same global identifier. This provides a base from
>> which WebId can be deployed, procuring the following extra advantages:
>> Protocol simplicity: the WebID protocol is a lot simpler, requiring only one
>> more connection over and above the connection to the requested resource,
>> where the result is cacheable. OpenID requires seven TLS connections,
>> significantly more than WebID. These additional steps create opportunities
>> for denial of service attacks, making it more difficult to secure and to
>> debug."
>> I think we are still learning to make effective pitches. The above, for
>> example, now submitted, sounds somewhat catty. If my sales team used that
>> tone about our competition, I'd consider him jaded and time for retirement.
> I have to agree.


> Last thing we need is a retread of the unfortunate
> tribalism that was 'microformats versus Upper Case Semantic Web'.

definitely, that vs mentality is possibly one of the biggest blockers to 

> WebID stands on its strengths. And in some cases, being able to fall
> back to OpenID (eg. from the certless cybercafe PC scenario) is more
> appealing than messing around using a password to install (and then
> remove) a transient WebID cert on an unknown PC.

This is probably our biggest issue, we need to do something about that 
fast, cert management is a huge PITA - my cert expired last week, I use 
it for loads of things (use the keys from it for github, w3c cvs, my own 
svn stuff, dav servers etc) this thing expiring is a really big problem 
at the minute, and the levels of pain it's going to take to re-issue the 
cert with the same keys is not something my mum could manage.

> From the point of view of the more descriptively-oriented FOAF work,
> multi-protocol is not just unavoidable, but essential. Protocols are
> the papertrail that let us move from RDF triples to RDF quads, to keep
> track of who-said-what and to then be able to query them usefully in
> SPARQL or even reason about them. There is a level of abstraction

missing, a level of abstraction is missing at the minute. Needs focus.

> While WebID and digital signature (PGP or otherwise) are
> key tools there, so are custom REST APIs, XMPP, and other older, more
> domesticated protocols like IMAP and POP.


> Regarding multi-protocol, perhaps the most effective thing that could
> be done in the WebID community would be to create or patch
> opensource/free software tools to be protocol agnostic, and which
> would allow Web developers to implement 'login with openid or webid or
> facebook or twitter or ...' rather than face each hurdle separately.


> Updating the various wordpress, drupal, mediawiki etc etc openid addons to handle WebID too would be a big boost.

I think we can safely say that's about to happen in the near future ;)

> But then so would having a not-for-geeks "login
> with your Web identity" narrative that would subsume technology
> differences between OpenID and WebID.


> (*) saying this, I'm painfully aware that I've not had time to put
> much time into any of this lately, so maybe I shouldn't be cavalier in
> making suggestions for how others assign their time.

Who has? Although it feels like there are quite a few of us with renewed 
focus to attack the big picture with real working code spanning multiple 
projects and groups. It's going to be a fun / interesting year.


Received on Thursday, 28 April 2011 13:18:51 UTC
