Re: [rtcweb] usability of IdP concepts in draft-ietf-rtcweb-security-arch-07

Wolfgang Beck <wolfgang.beck01@googlemail.com> Wed, 06 November 2013 00:36 UTC

I'm not convinced. How would you explain to the user why he has to log in --
or select an IdP -- twice? Maybe this is more an API/W3C topic.
On 05.11.2013 15:38, "Martin Thomson" <martin.thomson@gmail.com> wrote:

> On 5 November 2013 14:03, Wolfgang Beck <wolfgang.beck01@googlemail.com> wrote:
> > Having to log in twice will only be tolerated by a small minority of
> > people.
>
> That assumes that the login is not persistent.  I believe that there
> are plenty of options an IdP can use to ensure that this doesn't
> become necessary.
>