Re: Web ID as passwordless authentication for debian web services [was: Re: Developer repositories for Debian]
Quoting Stéphane Glondu (2013-05-16 10:57:19)
> On 16/05/2013 05:04, Philip Hands wrote:
> > Do you have any thoughts on how that compares with using
> > BrowserID/Persona? I'd got the impression that BrowserID has been
> > put together learning from mistakes of OpenID & WebID, but perhaps
> > I'm just swallowing their marketing.
>
> IIUC, there is no transfer of metadata (name, etc.) with BrowserID,
> unlike OpenID and WebID. An identity is an e-mail address, period.
Sounds like you are describing (optional(?) extensions to) OpenID.
With WebID only an ID is transferred. That transferred ID is a URI
pointing to a resource optionally containing more info.
> A benefit compared to OpenID and WebID is that the relying party
> doesn't need to query the identity provider each time, so this
> improves privacy.
Again, sounds like you are describing OpenID only.
WebID allows (and encourages) caching.
> BrowserID also relies on the CA cartel. You need to set up an HTTPS
> (with a trusted certificate) server that responds to some hard-coded
> path [1] to implement an identity provider. I see this as a serious
> limitation, but I guess big identity providers don't care.
>
> There is an open issue [1] about looking up information in DNS instead
> of the current hard-coded path. Maybe this, combined with DNSSEC,
> could lift the HTTPS constraint. But this is work in progress.
This seems similar to WebID: In principle ties to HTTPS - and therefore
the CA cartel - are only optional (other URIs than http ones suffice).
In reality alternatives to HTTP(S) are work in progress.
If I understand correctly, BrowserID is by design tied to browsers -
i.e. humans identifying themselves towards servers. WebID is not tied to
browsers: it is equally useful for server-to-server communication.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private