Re: WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research] from Henry Story on 2011-02-22 (public-xg-webid@w3.org from February 2011)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 22 Feb 2011 21:44:10 +0100
To: WebID Incubator Group WG <public-xg-webid@w3.org>
Message-Id: <BF6FEA26-8D50-4665-9DF4-A5F471A95F12@bblfish.net>

On 21 Feb 2011, at 09:58, WebID Incubator Group Issue Tracker wrote:

> 
> WebID-ISSUE-45 (pgp-comparison): Compare WebId with PGP/GnuPG Web of Trust [research]
> 
> http://www.w3.org/2005/Incubator/webid/track/issues/45
> 
> Raised by: Reto Bachmann-Gmür
> On product: research
> 
> Compare what can be done and how easy it is using PGP-WOT vs. WebId technologies.

Does this FAQ answer the question?
http://www.w3.org/wiki/Foaf%2Bssl/FAQ#How_does_this_improve_over_X.509_or_GPG_Certificates.3F

> 
> WebId offers easier weak security mechanism (replacement of email authentication),

Here you are speaking of authentication. WebID  is stronger than e-mail authentication. E-mail hops over many intermediaries, usually without encryption and the message can be change on the way. In webid you have a secure connection

> can WebId also provide high degree of security with transitive trust features?

So the issue here is one of trust. e-mail does not provide any trust, other than for large players like facebook, that can correlate the e-mail to social networks, and so use that information to work out a trust graph. WebId will benefit from some of the same network effects, though less centralised ones.

Clearly there are a lot more trust algorithms that can be invented by using WebID.

Social Web Architect
http://bblfish.net/

Received on Tuesday, 22 February 2011 20:44:49 UTC