W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

Re: Solutions to the NASCAR problem?

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 22 Nov 2015 17:33:26 +0100
To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
Message-ID: <5651EE56.1030802@gmail.com>
On 2015-11-22 17:10, David Chadwick wrote:
> Hi Anders

Hi David,

<snip>

>>> The user sends the consumer SOP public key to the issuer and the issuer
>>> assigns the attribute to that.
>>
>> I think you lost me here, at least with respect to the NASCAR problem.
>
> This is because the user does not go to any third party to authenticate
> to a site. A new key pair is generated for the site, and this
> authenticates the user each time he calls. Note however that FIDO does
> not provide any identity or authz information, just an authn key, which
> is why we need to add this functionality using issuers.

It is this sending of the consumer public key to issuer by the user which
I don't quite understand :(

Anders
Received on Sunday, 22 November 2015 16:34:04 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC