W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

Re: Solutions to the NASCAR problem?

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Mon, 23 Nov 2015 18:10:34 +0100
Message-ID: <CAKaEYhKiKqaWVR3p5P5Zk+3iTYbEBCk1jR-LtJOgfarGXF6s1Q@mail.gmail.com>
To: Joerg.Heuer@telekom.de
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Dave Longley <dlongley@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>, public-webid <public-webid@w3.org>
On 23 November 2015 at 18:02, <Joerg.Heuer@telekom.de> wrote:

> Hi again!
>
> FIDO doesn't do identity management, but authentication, as was already
> stated. To that matter FIDO, as it is, does not explicitly support free
> assignments of AuthN tokens (or even token generators) to one or multiple
> identities.
>

You cant do authentication effectively without identification.  Because you
have to authenticate *something*.

The minimum level of management is to document what identity you are
verifying.  Ideally further management items you get for free, as is the
case with HTTP identifiers.

Once you know what you're authenticating, it's easy enough to have a
"remember me" button in the client to solve the nascar problem.  Or to tie
a name and avatar to that identifier in order to make a good user
experience.  We seem to still be stuck in the 1980s on this front -- I'm
hoping innovation is coming when FIDO is introduced ...


>
> I guess, the protocol could be enhanced to allow more control through the
> user than just confirming or not in the future. Alternatively, we could
> assume multiple FIDO tokens being available and being individually assigned
> to identities. Virtualization of FIDO tokens would seem a good topic to
> solve the problem early on.
>
> Cheers,
>         Jörg
>
> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
> Sent: Samstag, 21. November 2015 20:53
> To: Heuer, Jörg; dlongley@digitalbazaar.com; public-credentials@w3.org;
> public-webid@w3.org
> Subject: Re: Solutions to the NASCAR problem?
>
> On 2015-11-21 18:41, Joerg.Heuer@telekom.de wrote:
> > Hello all,
> >
> > One of the main benefits to the 'wallet'-approach is, that the
> > negotiation between
>  > the RP and the user's 'wallet' just doesn't have this problem at all.
>
> Indeed.
>
>
> > Once the RP sends a statement about what 'instruments' and IdPs it
> > accepts, it's
>  > up to the 'wallet' of the user to figure out what to use. Could be very
> plain  > and offer all matches to the user to make a pick or it can be way
> more sophisticated  > and implement the user's policy according to context.
>
> Fully implemented as well!
> https://test.webpki.org/webpay-merchant/home
>
>
> > And yes, FIDO should be among the technologies employed I'd say.
>
> There is no public information about FIDO solving the NASCAR problem:
> http://www.w3.org/Submission/2015/02/
>
> Do you have any other information to share with us?
>
> Anders
>
>
> >
> > Cheers,
> >       Jörg
> >
> > -----Original Message-----
> > From: Dave Longley [mailto:dlongley@digitalbazaar.com]
> > Sent: Samstag, 21. November 2015 16:31
> > To: Anders Rundgren; W3C Credentials Community Group;
> > public-webid@w3.org
> > Subject: Re: Solutions to the NASCAR problem?
> >
> > On 11/21/2015 02:11 AM, Anders Rundgren wrote:
> >> I'm interested hearing what's available and what's cooking:
> >> http://indiewebcamp.com/NASCAR_problem
> >>
> >> Just the core (and links), no TL;DR BS please.
> >
> > There's a very simple demo here:
> >
> > https://authorization.io
> >
> > It involves technology intended to solve the NASCAR problem. In step 2,
> the site you log into only needs to provide a login button; the browser
> will take care of the rest (finding out your IdP, etc).
> >
> > --
> > Dave Longley
> > CTO
> > Digital Bazaar, Inc.
> >
>
>
Received on Monday, 23 November 2015 17:11:18 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC