On Wed, Jul 20, 2011 at 3:01 PM, Henry Story <[email protected]> wrote:
>
> On 20 Jul 2011, at 03:26, John Kemp wrote:
>
> > Hi Dick,
> >
> > On Jul 19, 2011, at 9:08 PM, Dick Hardt wrote:
> >
> > > As for one of the major advantages of BrowserID: it is a user-centric
> > > architecture unlike OpenID Connect.
> >
> > Can you explain what you mean by "user-centric" in this context? As far
> > as I can tell, the "verified email" protocol
> > (https://wiki.mozilla.org/Identity/Verified_Email_Protocol/Latest) in use
> > for BrowserID requires that the email provider generates a certificate
> > verifying the email address, to the browser - I'm not sure how that is more
> > user-centric than OpenID Connect... The default (canonical?) verifier is
> > currently browserid.org, but I'd imagine that they expect that FB et al
> > will verify the email addresses of their users and essentially produce
> > identity assertions for their users, albeit in this browser-mediated
> > manner... doesn't seem too different from what your Sxipper plugin or
> > Infocards were trying to do with OpenID really...
>
> If you want a user-centric protocol that works now - and with 10 years old
> browsers even - then you may want to try
> WebID http://webid.info/ - That was inspired by OpenID. It uses an http(s)
> url, but the user never sees it. It does not require control of an e-mail
> server to get one, so it is much more friendly to social networking
> services, and many other services that don't control the e-mail.
>
> It requires TLS Client certificates as of now.
>
> I have argued that if BrowserID does their thing right WebID authentication
> could also work with their JSON certificates, giving them RESTful attribute
> exchange too. By the way OpenID could also have RESTful attribute exchange.
>
> http://security.stackexchange.com/questions/5406/what-are-the-main-advantages-and-disadvantages-of-webid-compared-to-browserid/5424
>
> What OpenID showed is that users don't like to type a http URL in their
> box. I'd go even further: it is better not to have to type anything, but
> just click. BrowserID does that but for some reason has a fixation on not
> distinguishing between the identifier that the user *sees* and the
> identifier used by the protocol.
>

I agree. If this "fixation" is removed, things get much more palatable for many people.

>
> So if we were all a bit flexible we could all work with web architecture
> and together.
>

+1

>
> Henry
>

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
