w3ctag / client-certificates

TAG spec review on keygen and use of client certificates in the web platform.
https://w3ctag.github.io/client-certificates

Celebrate the decentralised and federated nature #12

Open dirkx opened 8 years ago

dirkx commented 8 years ago

One thing I am missing from the requirements is the very decentralised, federated and 'ask no one permission' style nature of this type of client authentication.

Someone can quite easily start 'accepting' a total stranger's certificates; and take things from there.

E.g. an informal medical discussion forum for doctors-in-residence can easily use the hospital's internal/enterprise client certs without ado and on a totally unrelated server.

Without any technical or organisational connection (versus having a hobbyist doctor asking his IT department for a full-on connection to ActiveDirectory!).

And it is that 'contribute' to the world wide web without having to ask permission from those your 'links point to' or clear an inter-organisational hurdle that is so key to the world-wide-web being that; the world wide web.

bblfish commented 8 years ago

@dirkx what you say is even more true than most people realise once you see that you can use TLS client certificates without needing to go through a Certificate Authority in a cross-origin manner as described by the WebID-TLS spec. Being able to cross origins of course makes certificates much more useful.
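The property both comments describe, a server accepting a client certificate from an organisation it has no relationship with and no CA in common, is easy to see in code. The following Go program is an added example, written for this review and not taken from the TAG repository or the WebID-TLS spec: the server requests a certificate but skips chain building entirely, and instead accepts the leaf if one of its URI SANs names a WebID it knows and the presented public key is the one on record. The `KeyDirectory` type is an assumption standing in for the WebID profile dereference (WebID-TLS compares the key published in the profile document; here an in-memory table of SPKI fingerprints plays that role), and the `selfSignedCert` helper only mints constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// KeyDirectory maps a WebID URI to the hex SHA-256 of the SubjectPublicKeyInfo
// that identity is expected to present. Constructed stand-in for fetching the
// WebID profile document; no CA is involved anywhere.
type KeyDirectory map[string]string

// spkiFingerprint returns the hex SHA-256 of the certificate's SubjectPublicKeyInfo.
func spkiFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// verifyClientCert accepts a leaf from any issuer (self-signed included) if one
// of its URI SANs is a known WebID and the key matches the record. It has the
// signature tls.Config.VerifyPeerCertificate expects; verifiedChains is nil
// because no chain is built.
func (d KeyDirectory) verifyClientCert(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return errors.New("no client certificate presented")
	}
	leaf, err := x509.ParseCertificate(rawCerts[0])
	if err != nil {
		return fmt.Errorf("parse client certificate: %w", err)
	}
	now := time.Now()
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return errors.New("client certificate outside its validity period")
	}
	fp := spkiFingerprint(leaf)
	for _, u := range leaf.URIs {
		expected, known := d[u.String()]
		if !known {
			continue
		}
		if expected != fp {
			// Known identity, wrong key: someone else reusing that WebID.
			return fmt.Errorf("key presented for %s does not match the key on record", u)
		}
		return nil
	}
	return errors.New("certificate names no WebID this server knows")
}

// ServerTLSConfig asks for a client certificate but leaves verification to
// verifyClientCert instead of Go's CA-based chain check.
func (d KeyDirectory) ServerTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:            tls.VersionTLS12,
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: d.verifyClientCert,
	}
}

// selfSignedCert mints a throwaway self-signed client certificate whose URI SAN
// is webID (constructed test data; a real user brings their own certificate).
func selfSignedCert(webID string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(webID)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example user"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		URIs:         []*url.URL{u},
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	const alice = "https://alice.example/profile#me" // constructed WebID
	cert, err := selfSignedCert(alice)
	if err != nil {
		panic(err)
	}
	dir := KeyDirectory{alice: spkiFingerprint(cert)}
	fmt.Println("alice:", dir.verifyClientCert([][]byte{cert.Raw}, nil))
	other, _ := selfSignedCert(alice) // same WebID, different key
	fmt.Println("other key:", dir.verifyClientCert([][]byte{other.Raw}, nil))
	_ = dir.ServerTLSConfig()
}
```

What the check does not do is worth noting for anyone deploying the pattern: there is no revocation, so removing a compromised key means updating the directory (or, in real WebID-TLS, the profile document), and the identity the server learns is only as trustworthy as the place it looked the key up.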