Re: WebID, BrowserID and NSTIC

On 7/26/11 3:59 AM, Henry Story wrote:
>
> On 25 Jul 2011, at 21:50, Francisco Corella wrote:
>
>> We will soon revise the white paper to add WebIDs, and PKI certificates
>> issued by email service providers to assert that the user owns an 
>> email address.  We
>> also accomodate the submission of multiple credentials simultaneously,
>> which makes sense in several use cases.
>
> very nice! Please keep us up to date on feedback from the NSTIC.
>
> We should also look at using the PKI certificates issued by e-mail 
> service providers
> as BrowserId does. I think it would fall under the topic of using
> WebIds in Issuer Alternative Names. So an e-mail server is one 
> possible issuer,
> but  one could also have WebServers be  issuers (CA) - as they are 
> currently.
> After all if the public key used by the https server is the same as 
> the one that signed the
> certificate, there is no need for the Relying Party to dereference
> the WebID, other than as a Certificate Revocation and RESTful
> attribute exchange mechanism. (It may also be psychologically helpful
> for many people, because it could be that people have trouble 
> understanding
> certificates that are not signed by a CA.)
>
> And yes, I agree there are many technologies that can come together.
> Being interested in the social web, my focus has been less on anonymity,
> than in decentralisation of sociality, which I think is the biggest issue
> at present.
>
> I think that it is very difficult to achieve anonymity, as even if the 
> tools are available
> users will very likely give away a global identifier if asked (credit 
> card,
> e-mail, address), or something to the same effect: enough information to
> be identifiable - and not much is required there.  But hey, if the 
> technology to
> make this possible is widely deployed, it will be great to be able to 
> use it :-)

Yes, but WebID (subject to IdP provider and its tech) allows me to knock 
a new identity "on the fly" and go incognito-ish if I wish :-)

We can't totally rule out effects of entropy, but we can up the ante re. 
skills level (e.g. digital Sherlock Holmes grade) required for such 
activities. The same thing applies to SPAM, it can be made much harder 
to pull off without 100% elimination of production possibility.

Kingsley
>
> Henry
>
> Social Web Architect
> http://bblfish.net/
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Tuesday, 26 July 2011 09:50:58 UTC