[foaf-protocols] Fwd: XAuth critiques

Story Henry henry.story at bblfish.net
Wed Jun 9 15:16:20 CEST 2010 

On 9 Jun 2010, at 14:54, Seth Russell wrote:

> On Wed, Jun 9, 2010 at 4:27 AM, Bruno Harbulot <
> Bruno.Harbulot at manchester.ac.uk> wrote:
> 
>> Hi David,
>> 
>> On 09/06/10 10:04, David Chadwick wrote:
>>> Hi Nathan
>> 
> 
>>> regardless of any UI/UX synchronisation amongst vendors, standardisation
> 
>>>> of which certificate details are presented to the user when selecting a
>>>> certificate would be brilliant.
>>> 
>>> I dont see how you can standardise this. The cert contents are already
>>> standardised, but suppliers are free to display any info in any way they
>>> want to. So I dont buy this one.
>> 
>> Agreed. Perhaps browsers could be encouraged to display the content of
>> the subject alternative name extension in the selection mechanism.
>> 
> 
> I think there is a real problem with "suppliers being free to display any
> info in any way they want to".   For foaf+ssl to to work these certificate
> choices must be extremely user informative.   From a non-geek user
> perspective, how am i to remember which certificate to choose when i go
> authenticate myself at your website?

One solution is when creating a certificate to allow the user to choose his Distinguished Name. A good WebId server software could also help the user make good decisions in this regard. You can set your own Distinguished Name on http://webid.myxwiki.org/ though it does not do a good job at hinting at good names.


> I suggest some kind of standardization like we see where twitter identifies
> who made a twit and from where.  Example  ...
> 
>       Maria aka bubby bubbygirl, via Qwitter Client
> 
> If we are not careful here we can totally confuse the unwashed masses and
> turn them off before the revolution has a chance to begin.   The current
> practice, especially from a FireFox browser suck big time, and in fact is a
> worse mess than user/password.

I would not say it's work than usename password. Amazingly that ugliest of all user interfaces is still a lot better than usename/password.

But it would be very simple for browser vendors to give a better UI for Certificate selection. On creating of a public key with a WebID in subj alt name, they could fetch the foaf profile, and use the information there to generate a easy to recognise card, with photo, logo, name, etc... The browser could also keep up to date with any changes there.

IT would be like magic. :-)

Henry


> 
> Seth Russell
> Alpha testing: tagtalking.net
> Facebook ing: facebook.com/russell.seth
> Twitter ing: twitter.com/SethRussell
> Blogging: fastblogit.com/seth/
> Catalog selling: www.speaktomecatalog.com
> Google profile: google.com/profiles/russell.seth
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

More information about the foaf-protocols mailing list