[foaf-protocols] WebID talk at W3C
kidehen at openlinksw.com
Wed Aug 25 02:47:52 CEST 2010
On 8/24/10 8:11 PM, Dave Longley wrote:
> On 08/24/2010 05:22 PM, Joe Presbrey wrote:
>> On Tue, Aug 24, 2010 at 7:19 AM, Kingsley Idehen<kidehen at openlinksw.com> wrote:
>>>> Great, so apparently there will be 15 minutes to present these slides.
>>>> This idea was to follow this by 10 minutes to demonstrate Manu's solution, under the heading of WebID. I am arguing that this is a bit much for a solution that we have no interoperation for, and have not considered. My argument there is that a 3 minute screencast should be more than enough.
>>> Sorry, but I still don't get the elevation of Manu's solution to
>>> definitive demo status re. WebID.
>>> Manu: no offense intended here, but this simply doesn't feel right at all.
>> Agreed. I think it would be a sad waste of WebID's 15 minutes to
>> Maybe I misunderstand but, my view of your JS/Flash is as a workaround
>> for browsers who have not yet refined their SSL client UI. WebID needs
>> to be in the browser. Much of the trust/security of the primary
>> request is lost when the WebID-authn/TLS process is encapsulated as
>> JS/Flash subrequests. +extra round trips, etc. eek! Was this
>> omission on purpose? OTOH, this is a huge advantage we have over the
>> other authn solutions and should leveraged and mentioned.
> The JS/Flash is a drop-in replacement for the browser certificate
> generation/selection UI.
Fine, but that isn't what WebID protocol is about.
The prime issue here is that you are positioning this effort as holistic
and definitive re. WebID value prop. which simply isn't accurate or right.
> Could you please explain what you think the JS/Flash demo is doing that
> leads you to conclude that the security of the authentication process is
> reduced (and explain how it is reduced)?
I believe the issue is more about its insertion into the presentation. A
presentation that's supposed to effectively showcase the WebID
protocol's value proposition.
The issue isn't your specific innovation. The issue is putting your
innovation in appropriate context relative to the WebID protocol in
general, with regards to the W3C presentation.
If this is a Pay Swarm + WebID exploitation presentation, different
matter, but as far as I can tell this is a WebID protocol presentation.
>> Also agreed with Steph on decentralization !~ availability.
>> foaf-protocols mailing list
>> foaf-protocols at lists.foaf-project.org
More information about the foaf-protocols