- From: peter williams <home_pw@msn.com>
- Date: Mon, 14 Feb 2011 10:42:28 -0800
- To: "'WebID Incubator Group WG'" <public-xg-webid@w3.org>
- Message-ID: <SNT143-ds1926543A2E2104F0445B2892D00@phx.gbl>
When I look around at W3C community culture, folks seems to like irc and tools that use openssh to tunnel to a server. I must have used 4 tools in the last days that wrapped putty, simply to leverage its "application-layer" openssh tunneling capabilities. Do we want to ensure that webid protocol is as viable in the ssh world, as ssl world? This is really a topic question: should ssl be merely a "binding" of the protocol (to TLS), alongside a SAML binding (to SAML2), an openssh binding (.. Is there anything *innately SSLish* in the protocol (which has to work with https libraries, not only browsers, too recall). I keep calling for folks to leverage SSL's inner nature to advantage; but I don't believe anyone is listening - preferring that SSL be treated as a pretty generic way of letting control over private keys deliver certain crypto proofs to the protocol. If the use of SSL truly is generic "by posture", then perhaps the whole scheme ought to be working with equivalents to SSL - particularly those that allow for really easy integration of tunnels - tunnels that the webid protocol to XYZ application, not only browsers.
Received on Monday, 14 February 2011 18:45:12 UTC