Re: WebID, BrowserID and NSTIC

On 25 Jul 2011, at 21:50, Francisco Corella wrote:

>  We will soon revise the white paper to add WebIDs, and PKI certificates
> issued by email service providers to assert that the user owns an email address.  We
> also accomodate the submission of multiple credentials simultaneously,
> which makes sense in several use cases.

very nice! Please keep us up to date on feedback from the NSTIC.

We should also look at using the PKI certificates issued by e-mail service providers
as BrowserId does. I think it would fall under the topic of using
WebIds in Issuer Alternative Names. So an e-mail server is one possible issuer,
but  one could also have WebServers be  issuers (CA) - as they are currently. 
After all if the public key used by the https server is the same as the one that signed the 
certificate, there is no need for the Relying Party to dereference
the WebID, other than as a Certificate Revocation and RESTful
attribute exchange mechanism. (It may also be psychologically helpful
for many people, because it could be that people have trouble understanding
certificates that are not signed by a CA.)

And yes, I agree there are many technologies that can come together.
Being interested in the social web, my focus has been less on anonymity,
than in decentralisation of sociality, which I think is the biggest issue
at present.

I think that it is very difficult to achieve anonymity, as even if the tools are available 
users will very likely give away a global identifier if asked (credit card,
e-mail, address), or something to the same effect: enough information to
be identifiable - and not much is required there.  But hey, if the technology to
make this possible is widely deployed, it will be great to be able to use it :-)

Henry

Social Web Architect
http://bblfish.net/

Received on Tuesday, 26 July 2011 03:00:22 UTC