Re: Documenting implicit assumptions?

On 2 Feb 2011, at 02:27, Nathan wrote:

> Manu Sporny wrote:
>>>> the notion that the public key holder owns the WebID URI (on which the protocol
>>>> is currently predicated) is temporally weak, that is to say, the
>>>> public/private key holder is not proven to still own / have write
>>>> permissions to the WebID resource.
>> Control of the profile page is also a vital point in OpenID: spammers
>> gaining access to any Google/Yahoo account can use my OpenID to log in
>> everywhere on my behalf.
>> In fact, if classic login can be disabled on the profile hosting site,
>> WebID can be more secure as it requires access to one of your
>> browser certificates to gain control of the profile page.
> 
> Combined with (optional) SRP it'd be rather wonderful. I always see WebID as a layered protocol; for instance, the last thing I'd want is my bank authorizing access to my account via just WebID. It needs password / secret info transfer as well (thankfully encrypted over the wire thanks to TLS).

+1

> 
> Best,
> 
> Nathan
> 
> srp: http://en.wikipedia.org/wiki/Secure_remote_password_protocol


Social Web Architect
http://bblfish.net/

Received on Wednesday, 2 February 2011 09:51:11 UTC
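An added example (not from this thread or from any WebID implementation) of the check the discussion turns on: the server dereferences the WebID named in the client certificate and looks for the presented public key in the profile, which is why it proves control of the profile only at the moment of login. It assumes the cert:key / cert:modulus / cert:exponent form of the WebID vocabulary and replaces the HTTP fetch with an in-memory profile store holding constructed sample data.

```python
from dataclasses import dataclass

CERT = "http://www.w3.org/ns/auth/cert#"  # assumed: cert:key / cert:modulus / cert:exponent vocabulary

@dataclass(frozen=True)
class ClientCert:
    """The parts of a TLS client certificate that a WebID verifier needs."""
    san_uri: str      # subjectAltName URI, i.e. the claimed WebID
    modulus_hex: str  # RSA modulus, hex encoded
    exponent: int     # RSA public exponent

def normalize_hex(value: str) -> str:
    """cert:modulus is xsd:hexBinary; published profiles vary in case and whitespace."""
    return "".join(value.split()).lower()

def profile_keys(triples, webid):
    """Return the (modulus, exponent) pairs the profile document asserts for webid."""
    keys = []
    for s, p, key_node in triples:
        if s == webid and p == CERT + "key":
            props = {p2: o2 for s2, p2, o2 in triples if s2 == key_node}
            if CERT + "modulus" in props and CERT + "exponent" in props:
                keys.append((normalize_hex(props[CERT + "modulus"]),
                             int(props[CERT + "exponent"])))
    return keys

def verify_webid(cert, fetch_profile):
    """Dereference the claimed WebID now and check the presented key is listed there.
    This proves control of the profile at this moment only; a key removed later is rejected at the next login."""
    triples = fetch_profile(cert.san_uri)
    return (normalize_hex(cert.modulus_hex), cert.exponent) in profile_keys(triples, cert.san_uri)

# Constructed sample data: Alice's profile lists one key, written with the upper-case, line-broken hex real profiles often contain.
ALICE = "https://alice.example/profile#me"
PROFILE = [
    (ALICE, CERT + "key", "_:k1"),
    ("_:k1", CERT + "modulus", "CAFE F00D\n 1234"),
    ("_:k1", CERT + "exponent", "65537"),
]
ALICE_CERT = ClientCert(ALICE, "cafef00d1234", 65537)
IMPOSTOR_CERT = ClientCert(ALICE, "deadbeef1234", 65537)  # claims Alice's WebID with another key

def demo():
    """Alice logs in; an impostor presents her WebID; Alice logs in again after removing the key."""
    store = {ALICE: list(PROFILE)}                 # stands in for an HTTP GET of the profile
    fetch = lambda uri: store.get(uri, [])         # fetched afresh on every verification
    first = verify_webid(ALICE_CERT, fetch)
    impostor = verify_webid(IMPOSTOR_CERT, fetch)
    store[ALICE] = [t for t in PROFILE if "_:k1" not in (t[0], t[2])]  # Alice revokes the key
    return first, impostor, verify_webid(ALICE_CERT, fetch)
```

`demo()` returns `(True, False, False)`: the impostor's key is never accepted, and Alice's own key stops working as soon as the profile no longer lists it, which is the whole extent of what the dereference proves.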