W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: wot won Thing, asked W3C Identity Conference

From: Henry Story <henry.story@bblfish.net>
Date: Sat, 7 Jan 2012 17:57:47 +0100
Cc: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-Id: <E62D7DFC-6671-4DA6-9DBF-24D2C50E2DC0@bblfish.net>
To: Peter Williams <home_pw@msn.com>

On 7 Jan 2012, at 17:38, Peter Williams wrote:

> The identity conference hosted by W3C aksed folks to state one thing that could be done by all browser manufacturers, that makes a difference. The difference doesnt have to save this world. It just has to remove a disabling barrier.
> For me, its for ALL mainstream browsers to have something similar to that provided in IE8+: the "New Session" menu item. This is that which, in the SSL world, allows me to stay on the same site (e.g. WebID Realm) and change client certificate, without exiting the browser. (It may have other properties related to pseudo-privacy, too)
> With all mainstream browser others than IE8+, I have to exit the browser to use a differnt persona (and even all instances of the process, in some of the worst cases).
> With New Session I dont. I get a new brower window (with new tab set), enabled with new SSL client authn.

Very nice. It seems that Microsoft has the best implementation of https at present.  With IE you can
 - logout (using javascript)
 - your sessions
 - a nice cert selection box
 - supports Want request

All the other browsers have one of those missing
 - Firefox has an butt ugly selection box
 - Chrome, Opera, and Safari  have no way to log out 
 - Safari does not even let you log out multiple times (this is a serious security hole)
 - Opera and Safari require the server to ask for the certificate in NEED mode if they are going to send it

One annoyance for IE is lack of the html5 keygen element, which means implementations are more difficult, but this can be dealt with.

Now everybody knows I am far from an unconditional M$ supporter (having worked for Sun Microsystems), but I think here this has to be said quite clearly. The failure of the other browsers is entirely their own fault at this level.  

As a result people here should do the ultimate to do a good job supporting IE. They still have 50% of the market, and it would be silly to loose our message 50% for internet users. 

> This is worth having universally. WebID depends on it, I'd counsel.
> The second thing is ... almost equally useful. But, Im not allowed two wishes.

Social Web Architect

Received on Saturday, 7 January 2012 19:38:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:54 UTC