- From: Nathan <nathan@webr3.org>
- Date: Thu, 28 Apr 2011 14:18:05 +0100
- To: Dan Brickley <danbri@danbri.org>
- CC: peter williams <home_pw@msn.com>, public-xg-webid@w3.org
Dan Brickley wrote: > On 28 April 2011 04:50, peter williams <home_pw@msn.com> wrote: >> "OpenID reduces the account multiplication issue by allowing users to login >> to every site using the same global identifier. This provides a base from >> which WebId can be deployed, procuring the following extra advantages: >> Protocol simplicity: the WebID protocol is a lot simpler, requiring only one >> more connection over and above the connection to the requested resource, >> where the result is cacheable. OpenID requires seven TLS connections, >> significantly more than WebID. These additional steps create opportunities >> for denial of service attacks, making it more difficult to secure and to >> debug." >> >> I think we are still learning to make effective pitches. The above, for >> example, now submitted, sounds somewhat catty. If my sales team used that >> tone about our competition, Id consider him jaded and time for retirement. > > I have to agree. +1 > Last thing we need is a retread of the unfortunate > tribalism that was 'microformats versus Upper Case Semantic Web'. definitely, that vs mentality is possibly one of the biggest blockers to adoption. > WebID stands on its strengths. And in some cases, being able to fall > back to OpenID (eg. from the certless cybercafe PC scenario) is more > appealing than messing around using a password to install (and then > remove) a transient WebID cert on an uknown PC. This is probably our biggest issue, we need to do something abotu that fast, cert management is a huge PITA - my cert expired last week, I use it for loads of things (use the keys from it for github, w3c cvs, my own svn stuff, dav servers etc) this thing expiring is a really big problem at the minute, and the levels of pain it's going to take to re-issue the the cert with the same keys is not something my mum could manage. > From the point of view of the more descriptively-oriented FOAF work, > multi-protocol is not just unavoidable, but essential. Protocols are > the papertrail that let us move from RDF triples to RDF quads, to keep > track of who-said-what and to then be able to query them usefully in > SPARQL or even reason about them. There is a level of abstraction missing, a level of abstraction is missing at the minute. Needs focus. > While WebID and digital signature (PGP or otherwise) are > key tools there, so are custom REST APIs, XMPP, and other older, more > domesticated protocols like IMAP and POP. +1 > Regarding multi-protocol, perhaps the most effective thing that could > be done in the WebID community would be to create or patch > opensource/free software tools to be protocol agnostic, and which > would allow Web developers to implement 'login with openid or webid or > facebook or twitter or ...' rather than face each hurdle separately. +1 > Updating the various wordpress, drupal, mediawiki etc etc openid addons to handle WebID too would be a big boost. I think we can safely say that's about to happen in the near future ;) > But then so would having a not-for-geeks "login > with your Web identity" narrative that would subsume technology > differences between OpenID and WebID. agree! > (*) saying this, I'm painfully aware that I've not had time to put > much time into any of this lately, so maybe I shouldn't be cavalier in > making suggestions for how others assign their time. Who has? Although it feels like there are quite a few of us with renewed focus to attack the big picture with real working code spanning multiple projects and groups. It's going to be a fun / interesting year. Best, Nathan
Received on Thursday, 28 April 2011 13:18:51 UTC