Anway, pretty much end-of-message, except for some pointers.
- Here’s a demo (confusingly called WebID, since that’s what FOAF+SSL also calls itself). Yes, certificate warnings are expected.
- A blog post about WebID.
- A slide deck.
- A blog post about the JS implementation of TLS.
- The TLS code on GitHub (I’m beginning to like GitHub, even if git still seems incomprehensible to me).
I am very interested in finding competent JS/UI people who would be interested in banging harder on this problem – I can do all the crypto stuff, but I confess UI is not my forte! Anyone out there?
Note, by the way, that the focus on browsers as the “home of authentication” is also a barrier to change – applications also need to authenticate. This is why “zero install” solutions that rely on browsers (e.g. OpenID) are likely doomed to ultimate failure – by the time you’ve built all that into an application (which is obviously not “zero install”), you might as well have just switched it to using TLS and a client certificate…