[foaf-protocols] WebID talk at W3C
Dave Longley
dlongley at digitalbazaar.com
Wed Aug 25 02:11:59 CEST 2010
On 08/24/2010 05:22 PM, Joe Presbrey wrote:
> On Tue, Aug 24, 2010 at 7:19 AM, Kingsley Idehen<kidehen at openlinksw.com> wrote:
>
>>> Great, so apparently there will be 15 minutes to present these slides.
>>>
>>> This idea was to follow this by 10 minutes to demonstrate Manu's solution, under the heading of WebID. I am arguing that this is a bit much for a solution that we have no interoperation for, and have not considered. My argument there is that a 3 minute screencast should be more than enough.
>>>
>> Sorry, but I still don't get the elevation of Manu's solution to
>> definitive demo status re. WebID.
>>
>> Manu: no offense intended here, but this simply doesn't feel right at all.
>>
> Agreed. I think it would be a sad waste of WebID's 15 minutes to
> mention Javascript or Flash.
>
> Maybe I misunderstand but, my view of your JS/Flash is as a workaround
> for browsers who have not yet refined their SSL client UI. WebID needs
> to be in the browser. Much of the trust/security of the primary
> request is lost when the WebID-authn/TLS process is encapsulated as
> JS/Flash subrequests. +extra round trips, etc. eek! Was this
> omission on purpose? OTOH, this is a huge advantage we have over the
> other authn solutions and should leveraged and mentioned.
>
The JS/Flash is a drop-in replacement for the browser certificate
generation/selection UI.
Could you please explain what you think the JS/Flash demo is doing that
leads you to conclude that the security of the authentication process is
reduced (and explain how it is reduced)?
> Also agreed with Steph on decentralization !~ availability.
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
--
Dave Longley
CTO
Digital Bazaar, Inc.
Phone: 540-961-4469
More information about the foaf-protocols
mailing list