W3C home > Mailing lists > Public > public-xg-webid@w3.org > October 2011

Re: future of Identity on the Web

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 25 Oct 2011 23:24:11 +0200
Cc: public-identity@w3.org, WebID Incubator Group WG <public-xg-webid@w3.org>
Message-Id: <2930701C-562A-4E1C-9E95-972D3226DE95@bblfish.net>
To: Edward O'Connor <eoconnor@apple.com>

On 25 Oct 2011, at 23:04, Henry Story wrote:

> Next with 
> 3. Performance and scalability is terrible relative to server-auth-only TLS
> There is only one connection to the WEbID server and that can be cashed, so there is a bit of a cost on the first connection. But even normal TLS is supposed to do something like verification of the certificate on a revocation list. Other requests can use information from the cache as long as the cache is felt to be valid, which is no different from checking revocation lists.
> But if you really feel this is a serious issue for large providers, then we can help you out, without any trouble at all. We were just waiting for people with such issues to talk up a bit, because I don't want to make the protocol more complex without reason. It is simple: We just need to use an Issuer WebID. So let's say Apple issues a number of certificates, they can issue each of them with a webid of
> <https://apple.com/id#AAPL>
> Then any server that finds the public key of AAPL, won't need to check the profile of the user: it will just need to verify that AAPL signed it. Of course it could then do another check on the WebID to get the latest information from there, but perhaps you are right - that could be done in a different thread between two connections.
> Does that help? Is that something you would like us to add to the spec?

Btw. I just realised that we had two issues open for this

ISSUE-2: Explore the role of Issuer Alternative Names in WebIDs
ISSUE-3: Explore Large scale TLS WebID installation issues

It looks like ISSUE-2 could then be the way to solve ISSUE-3.


Links to issues:

Social Web Architect
Received on Tuesday, 25 October 2011 21:24:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:47 UTC