[foaf-protocols] Fwd: XAuth critiques
henry.story at bblfish.net
Wed Jun 9 15:16:20 CEST 2010
On 9 Jun 2010, at 14:54, Seth Russell wrote:
> On Wed, Jun 9, 2010 at 4:27 AM, Bruno Harbulot <
> Bruno.Harbulot at manchester.ac.uk> wrote:
>> Hi David,
>> On 09/06/10 10:04, David Chadwick wrote:
>>> Hi Nathan
>>> regardless of any UI/UX synchronisation amongst vendors, standardisation
>>>> of which certificate details are presented to the user when selecting a
>>>> certificate would be brilliant.
>>> I dont see how you can standardise this. The cert contents are already
>>> standardised, but suppliers are free to display any info in any way they
>>> want to. So I dont buy this one.
>> Agreed. Perhaps browsers could be encouraged to display the content of
>> the subject alternative name extension in the selection mechanism.
> I think there is a real problem with "suppliers being free to display any
> info in any way they want to". For foaf+ssl to to work these certificate
> choices must be extremely user informative. From a non-geek user
> perspective, how am i to remember which certificate to choose when i go
> authenticate myself at your website?
One solution is when creating a certificate to allow the user to choose his Distinguished Name. A good WebId server software could also help the user make good decisions in this regard. You can set your own Distinguished Name on http://webid.myxwiki.org/ though it does not do a good job at hinting at good names.
> I suggest some kind of standardization like we see where twitter identifies
> who made a twit and from where. Example ...
> Maria aka bubby bubbygirl, via Qwitter Client
> If we are not careful here we can totally confuse the unwashed masses and
> turn them off before the revolution has a chance to begin. The current
> practice, especially from a FireFox browser suck big time, and in fact is a
> worse mess than user/password.
I would not say it's work than usename password. Amazingly that ugliest of all user interfaces is still a lot better than usename/password.
But it would be very simple for browser vendors to give a better UI for Certificate selection. On creating of a public key with a WebID in subj alt name, they could fetch the foaf profile, and use the information there to generate a easy to recognise card, with photo, logo, name, etc... The browser could also keep up to date with any changes there.
IT would be like magic. :-)
> Seth Russell
> Alpha testing: tagtalking.net
> Facebook ing: facebook.com/russell.seth
> Twitter ing: twitter.com/SethRussell
> Blogging: fastblogit.com/seth/
> Catalog selling: www.speaktomecatalog.com
> Google profile: google.com/profiles/russell.seth
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
More information about the foaf-protocols