RE: WebID-ISSUE-16: Easy cross-browser certificate transfer

I like all those topics - as now we are seeing the reality of the "management" of huge communities come into the requirement analysis.
 
It's only dogma that requires there be one and only "web-site" method of managing the set up of the keying and identity. Given this all has to one day map onto the legacy crap we all use when making money, a successful design will accommodate some of our legacyness - the stuff folks are "not unwilling" to carry forward.
 
In my world, folks already have certs, all 1 million users. They already sign e-forms, 10 a day. They don't want 2 certs. They want 1 cert with 2 functions (one that allows remote form filling, from a profile doc).
 
100k of them use smartcards (with pre-issued key culture), another 100k use Microsoft CA with keygen-style management, another 200k get their certs from their (Microsoft group policy) computer/user account when they log on to the LAN. I don't even know what the other lot do, though I suspect the vendor exploits the object tag to do Adobe-PDF-style integration with the web, so folks can exploit secure workflows moving forms around a bureaucratic process.
 


Date: Mon, 31 Jan 2011 12:08:56 -0500
From: scorlosquet@gmail.com
To: public-xg-webid@w3.org
Subject: Re: WebID-ISSUE-16: Easy cross-browser certificate transfer

There's been a lengthy discussion on this topic in this thread: "[foaf-protocols] Some basic questions prior to development ?"


http://lists.foaf-project.org/pipermail/foaf-protocols/2010-May/002306.html


Steph.


On Mon, Jan 31, 2011 at 12:01 PM, WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org> wrote:


WebID-ISSUE-16: Easy cross-browser certificate transfer

http://www.w3.org/2005/Incubator/webid/track/issues/16

Raised by: Stéphane Corlosquet
On product:

Issue raised by Manu Sporny at https://github.com/webid-community/webid-spec/issues#issue/4

One of the strongest arguments against technologies like WebID is the concern of transferring certificates from one browser to the next. There have been studies performed on this particular issue and both creating one-certificate-per-browser and having to copy certificates across browsers have been met with very strong usability concerns.

There is a protocol that has been outlined by Ben Laurie for storing private keys on remote servers:

http://www.links.org/files/nigori/nigori-protocol-01.html

We may want to consider inclusion of this technology into the specification as it would certainly make the Javascript implementations of WebID more attractive to those that have concerns about cross-browser certificate transfer.






Received on Monday, 31 January 2011 17:45:14 UTC