W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

RE: Solutions to the NASCAR problem?

From: <Joerg.Heuer@telekom.de>
Date: Mon, 23 Nov 2015 18:02:04 +0100
To: <anders.rundgren.net@gmail.com>, <dlongley@digitalbazaar.com>, <public-credentials@w3.org>, <public-webid@w3.org>
Message-ID: <FB5E170315856249A4C381355C027E4502A1AB899079@HE100041.emea1.cds.t-internal.com>
Hi again!

FIDO doesn't do identity management, but authentication, as was already stated. To that matter FIDO, as it is, does not explicitly support free assignments of AuthN tokens (or even token generators) to one or multiple identities.

I guess, the protocol could be enhanced to allow more control through the user than just confirming or not in the future. Alternatively, we could assume multiple FIDO tokens being available and being individually assigned to identities. Virtualization of FIDO tokens would seem a good topic to solve the problem early on.

Cheers,
	Jörg

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com] 
Sent: Samstag, 21. November 2015 20:53
To: Heuer, Jörg; dlongley@digitalbazaar.com; public-credentials@w3.org; public-webid@w3.org
Subject: Re: Solutions to the NASCAR problem?

On 2015-11-21 18:41, Joerg.Heuer@telekom.de wrote:
> Hello all,
>
> One of the main benefits to the 'wallet'-approach is, that the 
> negotiation between
 > the RP and the user's 'wallet' just doesn't have this problem at all.

Indeed.


> Once the RP sends a statement about what 'instruments' and IdPs it 
> accepts, it's
 > up to the 'wallet' of the user to figure out what to use. Could be very plain  > and offer all matches to the user to make a pick or it can be way more sophisticated  > and implement the user's policy according to context.

Fully implemented as well!
https://test.webpki.org/webpay-merchant/home



> And yes, FIDO should be among the technologies employed I'd say.

There is no public information about FIDO solving the NASCAR problem:
http://www.w3.org/Submission/2015/02/


Do you have any other information to share with us?

Anders


>
> Cheers,
> 	Jörg
>
> -----Original Message-----
> From: Dave Longley [mailto:dlongley@digitalbazaar.com]
> Sent: Samstag, 21. November 2015 16:31
> To: Anders Rundgren; W3C Credentials Community Group; 
> public-webid@w3.org
> Subject: Re: Solutions to the NASCAR problem?
>
> On 11/21/2015 02:11 AM, Anders Rundgren wrote:
>> I'm interested hearing what's available and what's cooking:
>> http://indiewebcamp.com/NASCAR_problem

>>
>> Just the core (and links), no TL;DR BS please.
>
> There's a very simple demo here:
>
> https://authorization.io

>
> It involves technology intended to solve the NASCAR problem. In step 2, the site you log into only needs to provide a login button; the browser will take care of the rest (finding out your IdP, etc).
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
>

Received on Monday, 23 November 2015 17:02:42 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC