- From: Ben Adida <ben@adida.net>
- Date: Thu, 14 Jul 2011 21:29:18 -0700
- To: Henry Story <henry.story@bblfish.net>
- CC: WebID XG <public-xg-webid@w3.org>
Hi folks, We'll be posting more info on browserid in the next few days, keep an eye on http://identity.mozilla.com. There are similarities to WebID for sure. There's one important difference: our identifiers are email addresses, and we're using JSON-based assertions and certs (JWS and JWT) to keep things very simple. (We don't actually want a hyper-generic certificate format, as that tends to introduce complexity and grow the attack surface.) This is, at this point, very much an experiment, so we look forward to your feedback. -Ben On 7/14/11 3:29 PM, Henry Story wrote: > I am CCing Ben Adida who posted some interesting information on Browser ID. > > For a general view: > > https://browserid.org/ > > For detailed technical overview > > http://lloyd.io/how-browserid-works > > It is pretty close to what WebID does I think, except that they omit the TLS part, though they re-invent it using javascript - a bit like what Manu Sporny was working on. It removes the need for TLS but requires a browser extension to work - I gather on first reading. Since Mozilla is putting it forward I suppose that could work -- though it will take time for browsers to ship with all of this. > > If they could use the same keychain used by TLS and have both BrowserID use the same keys linked to the certificates WebID uses then the two could work nicely together perhaps. So if a Relying party could provide TLS - which I think more and more will with DNSsec and DANE rollout - then the certificate route could be used. For servers that did not have TLS, then this would be the better solution for a long time. > > In any case the UI remarks I made at the end of the video on http://webid.info/ are still needed in both cases. > > > > Henry > > > Social Web Architect > http://bblfish.net/ >
Received on Friday, 15 July 2011 04:29:46 UTC