On 7 Aug 2013, at 19:34, Nick Jennings <[email protected]> wrote:
> Hi Kingsley, > > Thanks for the links. Trying out the first link > (http://youid.openlinksw.com/) now, some notes: > > 1. Certificate Name: maybe there could be some examples of ways to name your > certificate. I was speaking with Henry Story about this during the OHM2013 > conference, because at one time I had inadvertently 3 different WebID certs > in my browser, when I would visit a WebID enabled site, I'd have no idea > which one to choose, they were all the same "Nick Jennings ..." ... He > suggested that I give them unique names like "Work" "Home" "Junk" etc. so I > know when to use them in which cases... but this isn't very obvious to a new > user. That's why it should be done by the server generating the certificate. The details are here: https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/tls-respec.html#the-certificate Please let us know if you can think of improvements to the spec text, as we will be publishing it soon. > In general, that brings up some thoughts for me, maybe here's the place to > share them. It would be cool in browsers could bake the idea of a WebID into > the persona/profile of the browser session. (ie. chromes profiles, and > firefox has a profile plugin). Just allowing (by default, i guess) one WebID > per persona. This way you are encouraged to manage different profiles at the > browser level, rather than juggling a bunch of certificates with naming hacks > to figure out which is which... ? You can contribute your feedback as bug reports to the browsers. A place to start is here: http://www.w3.org/wiki/Foaf%2Bssl/Clients#Further_User_Interface_Issues > > > 2. With firefox, after filling out the form, I get a download dialogue for > the cert instead of it installing into the browser. So I saved, then went > into preferences and "import" ... which was successful with "Successfully > restored your security certificate(s) and private key(s)". Previously, with > my-profile.eu, this was automatically installed into the browser (I was using > Chrome then). Though I guess it's better to have it export/save by default so > you can install the same cert on any number of browsers without hassle. > Still, it creates more steps and could be confusing for new users. In the case of WebID certs downloading the certificate is in fact silly as you can produce a different one for each browser. So that message is a little misleading. A good UI should warn the user about that. > > > 3. After importing the cert, when I go to rww.io, it asks me to select a cert > (which I do) but then when I view silverbucket.rww.io it still says in the > upper right "webid login"... I can't tell if I registered this spot and it's > working, or not. There's no real user feedback as to login state. Same with > taskify.org. I don't know if this is a site UI problem or a cert issue. yes, a good web server should tell you if you are logged in in an obvious way. If they don't then it is a server UI issue. > > Would be cool to have login state also baked into the browser/profile/webid. > I imagine something like what chrome has, an avatar in the upper-left which > indicates who you "are" at the moment, with an overlay (padlock?, green/red > light?) icon of your login state for that particular site. yes, that is bug issue https://code.google.com/p/chromium/issues/detail?id=29784 This should also be followed up with other browser. > > I know most of my suggestions are for browser developers, I just wanted to > share my overall impression of WebID. I think it's a great idea, but it still > feels very intangible as a user. One can make pretty good UIs for this. > -Nick > > > > > > > > > > > On Wed, Aug 7, 2013 at 6:54 PM, Kingsley Idehen <[email protected]> > wrote: > On 8/7/13 12:43 PM, Nick Jennings wrote: >> It would help if there was some way one could reliably get and manage WebID. >> As it is right now, neither rww.io nor my-profile.eu (which are the only >> ones I know about) are functioning in terms of generating a WebID for the >> browser. > > Does this also apply to: > > 1. http://youid.openlinksw.com > 2. http://id.myopenlink.net/certgen . > > Note, both of these provide the pkcs#12 option (as opposed to keygen) by > default. > > In addition, if you already have a FOAF profile doc, use the second tab (we > forgot to list FOAF where you see OpenID). Then follow the wizard to then end > of the process which basically provides content for you to manually add to > your FOAF profile. Of course, if you don't manage your own profile document, > you take the defaults which leads to the profile document be hosted at > id.myopenlink.net. > > As I type, I just realized we overlooked a key feature and that's setting an > ACL on the profile document generated on id.myopenlink.net so that you > control the ACLs going forward. > > Note to self (and rest of OpenLink Data Spaces team), that's a new feature > zilla :-) > > > Kingsley >> >> I had some from my-profile.eu that were generated several months ago, but I >> removed them all during some tests and was unable to get a new one. I tried >> in both Firefox and Chrome. Anyone having trouble as well? >> >> >> >> >> On Tue, Aug 6, 2013 at 8:01 PM, Kingsley Idehen <[email protected]> >> wrote: >> All, >> >> Following the earlier posts about WebID (and by implication, WebID+TLS), >> here is a very simple demonstration of how we can put this technology to >> good use re., protected document authoring and editing. >> >> For this exercise I've performed the following steps: >> >> 1. Created a protected Turtle document at: >> <http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/WebID-ACL-Demos/simple-shared-turtle-doc.ttl> >> >> 2. Used WebID (Agent entity type denotation), WebID+TLS (for agent identity >> authentication), and an ACL (itself expressed in Turtle) to create a data >> access policy that enables anyone read the document's content, but only >> allowing those with verifiable WebIDs to perform read, write, and delete >> operations. >> >> This entire exercise is driven by Linked Data. >> >> Let everyone know how you get on :-) >> >> >> -- >> >> Regards, >> >> Kingsley Idehen >> Founder & CEO >> OpenLink Software >> Company Web: http://www.openlinksw.com >> Personal Weblog: http://www.openlinksw.com/blog/~kidehen >> Twitter/Identi.ca handle: @kidehen >> Google+ Profile: https://plus.google.com/112399767740508618350/about >> LinkedIn Profile: http://www.linkedin.com/in/kidehen >> >> >> >> >> >> > > > -- > > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software > Company Web: http://www.openlinksw.com > Personal Weblog: http://www.openlinksw.com/blog/~kidehen > Twitter/Identi.ca handle: @kidehen > Google+ Profile: https://plus.google.com/112399767740508618350/about > LinkedIn Profile: http://www.linkedin.com/in/kidehen > > > > > Social Web Architect http://bblfish.net/
