- From: peter williams <home_pw@msn.com>
- Date: Thu, 10 Feb 2011 18:30:09 -0800
- To: "'WebID XG'" <public-xg-webid@w3.org>
Feel free to fire back.... Next week is RSA show; Google will be there, and are probably firing an early shot in their marketing; now they have phonefactor, and 2 factor support (boring and yawn on the one hand; a remarkable feat of engineering if it's now available to their HUGE user base). Im going to the show in San Francisco for 2 days, if any wants to meet up. I'm not exactly sociable in groups > 3 ... but am reasonably pleasant one on one. At the show, 500 vendors will talk about the topic. They have been doing for 15 years, which is how many RSA shows Ive been to. It's an entire industry, that grew up, our and from RSA flogging its bsafe toolkit API in rented room at the hotel down from Oracle in Redwood City... to a huge conference on several continents. An entire industry was born, and billions of dollars exchange hands on the topic. The first attendees were worse than me, and could not actually raise their eyes from the floor. So what are we doing here? that they@rsa are not? And that's what we have to focus on. We are not in competition with them. We are not a vendor. We are not even a vendor consortium. We are (and Im struggling to say "we", since I know so little about W3C insider aims) W3C - with a particular opinion (here being formed). We have to have find a nitch/niche within that RSA eco-system, just as NSA (say) do. (They basically express their renowed skills in assurance and higher end security engineering, particularly for bits of fast hardware; a unique claim to fame). So what is our nitch/niche? It has to be the semantic web - a level of scale never before envisioned. It's also using a computing metaphor that has yet to hit the big time, having teetered on the edge of adoption for years (logic programming). It also uses those old client certs, issued to consumers (that everyone else has given up on). Its also able to distinguish itself from 4 websso protocols, including openid (a kissing cousin). I think we are still incubating this story. On the one hand it has to express W3Cish'ness in terms of technical web architecture (and be seen to portray "doctrines" that the movement believes in, as social engineering), yet on the other, it has to be politically savvy - to build up a constituency that migrates towards the position, following the lead. In a space dominated by billion dollar companies vying for attention, obviously the end-pitch will have to be well crafted (for next year's show, say), and be "approachable"; which will be a balancing act between not to technical, not to religious, just enough assurance, the right level of implementation ovberhead, the right of people, the moment being right for a change....and address the needs of a large enough adoptee community so they look over here, versus over there at the 500 other stands at the tradeshow. Peter. -----Original Message----- From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of jeff@sayremedia.com Sent: Thursday, February 10, 2011 4:58 PM To: WebID XG Subject: Google's New two-legged AuthN This has been making the rounds around Twitter, but I thought I should post it here just so we keep it in mind. On Google's official blog, they posted this today: <a href="http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-y our.html ">Advanced sign-in security for your Google account</a> Basically, Google is offering its account holders the option of adding another verification step when authenticating a session. Here's the gist of their new technique: "Once you enable 2-step verification, you'll see an extra page that prompts you for a code when you sign in to your account. After entering your password, Google will call you with the code, send you an SMS message or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device. The choice is up to you. When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you." This is an example where the use of WebID authentication would be superior--both from the users' and Google's standpoint. Jeff http://jeffsayre.com/
Received on Friday, 11 February 2011 02:30:44 UTC