[foaf-protocols] local password - was WebID pre-alpha specification (uses RDFa)

Bruno Harbulot Bruno.Harbulot at manchester.ac.uk
Fri Jul 16 20:25:32 CEST 2010



On 16/07/10 19:08, Kingsley Idehen wrote:
> Bruno Harbulot wrote:
>>> At OpenLink we are committed to delivering painless PKI as part of our
>>> WebID Protocol offerings, across all major platforms (Linux, UNIX, Mac
>>> OS X, and Windows).
>>
>> Fair enough, but you can't really remove the pain of saving keys and
>> the public terminal problem just like that, unless you've found a
>> miracle solution :-) If you do so, that's probably by re-generating a
>> certificate on the fly (by logging on to your WebID from the new
>> browser), which is fine for the basic level of assurance, but may not
>> be sufficient when you need trusted 3rd-parties to corroborate your
>> public key. PKIs do that: the CA signs the association between your
>> identifier (SubjectDN or SAN) and your public key.
>> In addition, the mechanisms to choose a certificate are still not
>> always great, depending on the browser.
>
> Bruno,
>
> Track my screenshots at:
>
> http://twitpic.com/photos/kidehen :-)

Oh sure, you have tools to generate the certificates, etc. (and they look 
good indeed), but this doesn't solve the public terminal problem 
(without changing the public key), unless I missed something?
That doesn't solve the certificate selection problem from the browser 
either as far as I'm aware.

In terms of ease of use, I'm comparing this to clicking on one of the 
pre-defined OpenID providers on something like the StackOverflow login 
page, for example (e.g. Google).
Of course, comparing solely on that aspect doesn't take into account the 
other aspects of WebID.

Unfortunately, if you change the public key and the certificate whenever 
you need to use the certificate, the site's trusted 3rd parties can't 
sign your key whenever you need, so you're back to the basic level of 
assurance, again, no better than OpenID.
Nothing wrong with that, but I'm not sure what the majority of users 
would prefer: clicking on a well-known OpenID provider or creating 
certificates.


Best wishes,

Bruno.

