ISSUE-14: WebID and Browsers

Related emails:

  1. closed 9 issues (from henry.story@bblfish.net on 2011-11-25)
  2. RE: Web Tracking and User Privacy: The Next Steps. (from home_pw@msn.com on 2011-03-10)
  3. Re: Web Tracking and User Privacy: The Next Steps. (from henry.story@bblfish.net on 2011-03-10)
  4. RE: issue of initiating client auth for parallel SSL sessionids (from home_pw@msn.com on 2011-02-28)
  5. RE: issue of initiating client auth for parallel SSL sessionids (from ryan-webid@sleevi.com on 2011-02-27)
  6. Re: minutes of todays teleconf (from henry.story@bblfish.net on 2011-02-22)
  7. RE: Anonymity in the browser - was: nasty nasty bug in chrome (from home_pw@msn.com on 2011-02-12)
  8. RE: browser change; little, nothing or a lot? (from home_pw@msn.com on 2011-02-12)
  9. Anonymity in the browser - was: nasty nasty bug in chrome (from henry.story@bblfish.net on 2011-02-12)
  10. Re: browser change; little, nothing or a lot? (from henry.story@bblfish.net on 2011-02-12)
  11. Re: [foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission? (from corani@gmail.com on 2011-02-11)
  12. Re: privacy considerations: can a nosy https: site probe user identity without explicit permission? (from henry.story@bblfish.net on 2011-02-11)
  13. privacy considerations: can a nosy https: site probe user identity without explicit permission? (from henry.story@bblfish.net on 2011-02-11)
  14. Re: nasty nasty bug in chrome (from henry.story@bblfish.net on 2011-02-09)
  15. Re: Account Management in Firefox 5 (from henry.story@bblfish.net on 2011-02-08)
  16. Re: WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] (from henry.story@bblfish.net on 2011-02-02)
  17. Re: WebID and browsers (from henry.story@bblfish.net on 2011-01-31)
  18. WebID-ISSUE-14 (bblfish): WebID and Browsers [use cases] (from sysbot+tracker@w3.org on 2011-01-31)

Related notes:

The "Web Security Context: User Interface Guidelines" [1] recommendation makes a good case as to why security chrome has to be very much controlled by the browser, as it is otherwise too easy to set up phishing attacks.

If a browser can connect using a certificate to the WebID published in the certificate, and if this publishes the same public key as is in the certificate, then the browser can use the information from that profile page to improve the selection mechanism for that certificate by using info at the SAN and at the IAN. This controlled method of allowing certificate selection mechanisms to be site controlled would allow flexibility without compromising security.

[1] http://www.w3.org/TR/wsc-ui/#keepchromevisible-goodpractice

Henry Story, 8 Feb 2011, 16:31:20

The WebID XG wrote up a paper for the Identity in the Browser conference that brought together most of what we could think of. It is here:

http://www.w3.org/2011/identity-ws/papers/idbrowser2011_submission_22/webid.html

We should perhaps add to that the possibility of JavaScript logout that works in Firefox and (IE?), and that the cryptography API group has decided to take that on.

Henry Story, 25 Nov 2011, 13:25:18


Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaël-Massieux <dom@w3.org>, Staff Contact