Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-17 Thread Olivier Berger
Hi. Philip Hands p...@hands.com writes: Do you have any thoughts on how that compares with using BrowserID/Persona? I'd got the impression that BrowserID has been put together learning from mistakes of OpenID WebID, but perhaps I'm just swallowing their marketing. AFAIU, I guess that,

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-17 Thread Francois Marier
On 2013-05-16 at 14:12:33, Daniel Kahn Gillmor wrote: It looks to me like BrowserID/Persona will only work in web browsers with a functional javascript stack (and eventually, with a functional javascript crypto stack). The client authentication happens inside the TLS layer, over the HTTP

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-17 Thread Francois Marier
On 2013-05-17 at 10:08:20, Olivier Berger wrote: AFAIU, I guess that, at least from the user-friendliness POV, the main perceptible difference, is : - OpenID uses a URL as a person's identifier : may or not be easily copied/remembered/dictated - WebID uses a URL too, same problems (there

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-16 Thread Stéphane Glondu
Le 16/05/2013 05:04, Philip Hands a écrit : Do you have any thoughts on how that compares with using BrowserID/Persona? I'd got the impression that BrowserID has been put together learning from mistakes of OpenID WebID, but perhaps I'm just swallowing their marketing. IIUC, there is no

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-16 Thread Jonas Smedegaard
Quoting Stéphane Glondu (2013-05-16 10:57:19) Le 16/05/2013 05:04, Philip Hands a écrit : Do you have any thoughts on how that compares with using BrowserID/Persona? I'd got the impression that BrowserID has been put together learning from mistakes of OpenID WebID, but perhaps I'm

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-16 Thread Daniel Kahn Gillmor
On 05/15/2013 11:04 PM, Philip Hands wrote: Do you have any thoughts on how that compares with using BrowserID/Persona? I'd got the impression that BrowserID has been put together learning from mistakes of OpenID WebID, but perhaps I'm just swallowing their marketing. It looks to me like

Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-15 Thread Philip Hands
Daniel Kahn Gillmor d...@fifthhorseman.net writes: On 05/14/2013 10:03 AM, Jonas Smedegaard wrote: I have also thought WebID would be a perfect match for things like this. [...] Daniel has raised concerns about WebID:

Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]

2013-05-14 Thread Daniel Kahn Gillmor
On 05/14/2013 10:03 AM, Jonas Smedegaard wrote: I have also thought WebID would be a perfect match for things like this. [...] Daniel has raised concerns about WebID: http://lists.alioth.debian.org/pipermail/freedombox-discuss/2011-March/001030.html Quite frustrating, because I trust