W3C home > Mailing lists > Public > public-xg-webid@w3.org > October 2011

Re: future of Identity on the Web

From: Dan Brickley <danbri@danbri.org>
Date: Tue, 25 Oct 2011 10:20:13 +0200
Message-ID: <CAFNgM+b0FCkMmVs-wTPyaJM6h0sWeg9Mck2NGGd9bFJ+p6G9WQ@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>, Halpin Harry <hhalpin@w3.org>
Cc: WebID Incubator Group WG <public-xg-webid@w3.org>, public-identity@w3.org, Ben Adida <ben@adida.net>, Tim Berners-Lee <timbl@w3.org>
On 25 October 2011 08:35, Henry Story <henry.story@bblfish.net> wrote:
> Dear Web Identity Groups,
> Since both the community forming around the Web Identity javascript cryptography work [1] and the WebID XG are working in the same space, I propose that the two groups work out how these projects can complement each other, so that the W3C can tell a unified identity story. There is a lot in common between them - usage of cryptography in the browser and certificates to prove identity online - and it seems quite clear to me that both the existing WebID solution [2] and the in development version known as BrowserId can complement each other, in fact should as much as possible do so. This could then form the basis for a future WG starting 2012, split hopefully into a number of small independent and closely interrelated parts.

// Grumble mode on.

Re "...clear to me that both the existing WebID solution and the in
development version known as BrowserId", my understanding was that
WebID is also still "in development" (aka incubation, spec-drafting
etc.). It may well be older than BrowserID; but then so is OpenID.
Having taken a long time to not be finished yet or broadly deployed is
not in-itself a badge of honour! (c.f. FOAF!). This whole field is
still, after all this time, "in development". I do see a fairly
detailed *editor's * draft at
http://www.w3.org/2005/Incubator/webid/spec/ but no link to the
group's issue tracker (e.g.
http://www.w3.org/2005/Incubator/webid/track/issues/raised ) nor clear
indication of any schedule for getting these ideas recorded in a
stable snapshot on W3C's Technical Reports page. One of the downsides
of the (otherwise wonderful) trend for W3C to work in public has been
a drift towards groups using volatile Editor's drafts rather than
publishing clearly versioned http://www.w3.org/TR/ Working Drafts for
review by the wider Web community. Until this has happened,
development as a Web standard can't be said to have been completed. In
some eyes, it has barely started without a first public Working Draft.

It seems at some point W3C team's analysis here -- or yours, at least
-- led to your switching affections from "something like WebID" to
"something like BrowserId". Despite there having been previous
detailed team-confidential tech reviews of WebID, and talk of taking
it WG track, there was no acknowledgement at all of this work in
http://www.w3.org/2011/08/webidentity-charter.html ... even as
liaison. Your explanation in
"At the workshop, it seemed people wanted to focus on API based work
first such as the Crypto API, and certificates were discussed but
thought of as out-of-scope for this future working group" ...is
phrased in disappointingly passive language for a decision that was,
ultimately, yours to make (need more active verbs --- *who* thought
what?). The fact that there was already a WebID incubator does not
guarantee that community an on-ramp to W3C's standards track; review
of the incubator's draft spec is a critical step there which we seem
to be skipping. But it should ensure acknowledgement of those efforts
while writing related charters. Instead, I read only anecdotal and
vague reports from 'workshop discussions'.
In just over a year, we've gone from your actively pursuing the
FOAF+SSL/WebID group (e.g.
) to pretty much ignoring their existence while drafting charters for
obviously quite related work. This makes the W3C Team look rather
fickle, as if picking a winner that can be brought in under W3C's
brand was the central activity here, rather than a means to an end -
i.e. improving the Web.  In July last year, you wrote:

> People should not divide into two camps (or three, or four), but unify
> over the overriding ethical principle for an distributed private id-aware
> social web, and then keep that in mind when discussing the architecture.

I'm sure the draft charter you circulated was put together under great
time pressure and other constraints, but encourage you think a little
more generously about the message it sends to others who have worked
hard and in good faith over the last few years to improve identity in
the browser, and who went to the trouble of moving their efforts to
W3C on your specific urging.

How did we go from

> Then, with the help of a member of the Team like myself, a
> charter can be drawn up for a proposed Working Group, making sure the
> OpenID community and W3C Membership is involved. So, let's work together
> to make this happen!

...to your curtly and frostily asking that the WebID group stays in
its own camp and supply only diff requests on the new group's charter:

> We are of course following the WebID's work and look forward to your
> concrete suggestions that comes from any discussion on the WebID list,
> although I would request that WebID-specific discussions stay on the WebID
> list and then your group gives the W3C a single list of requested changes
> to the charter, as discussions on this list should ideally focus on
> textual changes and scoping to the charter.

This all paints an unfortunate picture of W3C staff flailing around
trying to pick a winner and get it W3C-branded ASAP. Would BrowserId
suffer a similar fate if --for fictional example-- say OpenID Connect
were offered to W3C for standardization tomorrow? If W3C is to be a
natural home for several complementary efforts, then their
interdependencies and relationships are surely deserving of more staff
time and thought than they appear now (from the outside) to be
getting. If you don't have the time of day to think such things
through, please convey to W3M that you need that time. Doubtless there
has been much internal discussion; last time I saw stats, W3C's
team-only archives received more team mail than those on the outside.
But from the outside, this casual brush-off does not make W3C
incubation and community spec development look an attractive prospect
for new efforts.

In http://lists.w3.org/Archives/Public/public-identity/2011Oct/0017.html
you comment that "WebID which is a working group and even has a spec".
As I mentioned in IRC, this might be colloquially true, however in W3C
convention, an Incubator Group (or Community Group, or Interest Group)
is quite a different creature from a full (let's capitalise it)
Working Group. A "Working Group" is a sign of wider endorsement of the
effort within W3C; specifically, that something has been endorsed as a
useful area to charter work under by the W3C Advisory Committee.
Further as I mention above, and Editor's Draft is pretty much just a
random Web page until it goes through the process of being published
at W3C as a Technical Report under http://www.w3.org/TR/. This magic
ritual does still have a concrete purpose --- it signifies to a very
wide public that a piece of work has been polished and progressed to a
stage at which it deserves review from Web technologists across the
globe. While WebID has received significant review already, it is
critically important that you get this Working Draft out there; there
is a much larger public waiting to read it. Many of those readers
don't live and breath this stuff, or read English as their first
language, but if they see that W3C has gone to the trouble of
publishing the work in /TR/, they'll go to  the trouble of reading it.
This needs to happen regardless of how any new group is chartered...

OK, grumbling over. Keep up the good stuff...


>   Henry
> [1] http://www.w3.org/2011/08/webidentity-charter.html
> [2] http://webid.info/spec/
> Social Web Architect
> http://bblfish.net/
Received on Tuesday, 25 October 2011 08:20:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:47 UTC