On 22 October 2012 14:32, Harry Halpin <[email protected]> wrote: > On 10/22/2012 02:03 PM, Kingsley Idehen wrote: > >> On 10/22/12 7:26 AM, Ben Laurie wrote: >> >>> On 22 October 2012 11:59, Kingsley Idehen <[email protected]> >>> wrote: >>> >>>> On 10/22/12 5:54 AM, Ben Laurie wrote: >>>> >>>>> Where we came in was me pointing out that if you disconnect your >>>>> identities by using multiple WebIDs, then you have a UI problem, and >>>>> since then the aim seems to have been to persuade us that multiple >>>>> WebIDs are not needed. >>>>> >>>> Multiple WebIDs (or any other cryptographically verifiable identifier) >>>> are a >>>> must. >>>> >>>> The issue of UI is inherently subjective. It can't be used to >>>> objectively >>>> validate or invalidate Web-scale verifiable identifier systems such as >>>> WebID or any other mechanism aimed at achieving the same goals. >>>> >>> Ultimately what matters is: do users use it correctly? This can be >>> tested :-) >>> >>> Note that it is necessary to test the cases where the website is evil, >>> too - something that's often conveniently missed out of user testing. >>> For example, its pretty obvious that OpenID fails horribly in this >>> case, so it tends not to get tested. >>> >> >> Okay. >> >>> >>> Anyway, Henry, I, and a few others from the WebID IG (hopefully) are >>>> going >>>> to knock up some demonstrations to show how this perceived UI/UX >>>> inconvenience can be addressed. >>>> >>> Cool. >>> >> >> Okay, ball is in our court to now present a few implementations that >> address the UI/UX concerns. >> >> Quite relieved to have finally reached this point :-) >> > > No, its not a UI/UX concern, although the UI experience of both identity > on the Web and with WebID in particular is quite terrible, I agree. >
Harry, what exactly do you mean by "on the web"? The reference point I take for this phrase is from the "Axioms of Web Architecture" : http://www.w3.org/DesignIssues/Axioms.html#uri 'An information object is "on the web" if it has a URI.' If I have understood your previous posts correctly you perhaps have a different definition or referring to something specific. Sorry if im a bit confused things, It's not that clear hat you mean by the phrase. > My earlier concern was an information flow concern that causes the issue > with linkability, which WebID shares to a large extent with other > server-side information-flow. As stated earlier, as long as you trust the > browser, BrowserID does ameliorate this. There is also this rather odd > conflation of "linkability" of URIs with hypertext and URI-enabled Semantic > Web data" and linkability as a privacy concern. > > I do think many people agree stronger cryptographic credentials for > authentication are a good thing, and BrowserID is based on this and OpenID > Connect has (albeit not often used) options in this space. I would again, > please suggest that the WebID community take on board comments in a polite > manner and not cc mailing lists. > Feedback is valuable and appreciated. Certainly the comments made are taken on board. With standards such as identity there's always an overlap between different efforts. I cant speak for others in the community, but I personally agree that care should be taken to post the right topics to the right list.
