[foaf-protocols] WebID talk at W3C - WebId+Flash

Henry Story henry.story at gmail.com
Wed Aug 25 10:25:37 CEST 2010

On 25 Aug 2010, at 04:14, Dave Longley wrote:

> On 08/24/2010 10:18 PM, Sarven Capadisli wrote:
>> I don't wish to side track the discussion as this probably deserves its
>> own thread, but, I wanted to quickly mention an user interaction that's
>> briefly coming up in discussions:
>> The idea of users being automatically signed-in.
>> The first reason that comes to my mind as to why that may not be ideal
>> is that, users sometimes want to navigate anonymously.

That is a very good point, and it is a UI problem with browsers that needs to be fixed by those browser manufacturers.  I am happy we are now coming to the core of the UI problem. In my view this is the only problem, apart the ugly Firefox UI issue.

Can you please vote on this issue:

I recently added the following note to that bug report

I just thought of the final piece that would completely nail the User Interface. I am not 100% sure but I thought it would be worth writing down here.

Let us imagine a future secure web where everything is behind https. (Why not? it's cheap now!) So some friend sends you an https link to content on some site. You arrive at the site and the server is set up for optional client certificate usage. Bang! Up pops your browser asking you to select a certificate. 

Problem: you don't yet know which site you have arrived on! And it is asking you for a certificate. So really what you want to do is click "Cancel" to first check out  the site. But then without this patch that @snej is working on, you won't be able to login to the site later to see the classified content - well not without restarting your browser!

So one could even go one step further and allow you, the browser user, to select an option that would let the browser automatically login without certificate on sites that ask for certificates optionally. The location bar would then show a logo for the anonymous user - An icon of a guy with sunglasses perhaps, with anonymous written next to it - that would be a hint to you that you can log in whenever you wants to by selecting the button.

If done correctly the certificate selection box, could be designed so that the user understands after that box appearing a few times too often, how he can set this behaviour to be automatically so.

This would essentially then have fully integrated identity into the browser at very little cost.

This is a first version of a patch that @snej there was working on
(clearly it needs some UI improvement still)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture 1.png
Type: image/png
Size: 130434 bytes
Desc: not available
Url : http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20100825/bcfce8a7/attachment-0001.png 
-------------- next part --------------

With something like this on the side of the browser manufacturers the final UI problem is solved. Because it then completely removes the need for the login button.

But the Flash fix may be very important for a long time, because browsers change very slowly.

Now since we are going to have someone from Google in the audience this is the kind of point we should be getting across to him.

> I agree that this is also important. There needs to be a way for a user 
> to both tell whether or not they are currently identifying themselves on 
> a website, who they have identified themselves as, and an easy way for 
> them to become anonymous again. I'm not saying that these features 
> aren't available (or can't be made available), the point is that "login" 
> isn't going away, it's just adapting.
>> I hope I didn't misinterpret you (and others) here, but I think
>> distinguishing between "type of" logins, and "being" logged in is
>> important.
>> -Sarven

More information about the foaf-protocols mailing list