W3C home > Mailing lists > Public > public-identity@w3.org > August 2011

BankID's MobileID - V2

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Sun, 07 Aug 2011 08:50:55 +0200
Message-ID: <4E3E35CF.3080704@telia.com>
To: "public-identity@w3.org" <public-identity@w3.org>
BankID in similarity to many other European organizations looking for secure
mobile solutions have built their vision on using SIM-cards since these offer
smart card security.

However, as I predicted more than a decade ago, building a universal authentication
solution on an operator-controlled platform is too difficult, so they recently switched
to "embedded credentials".

These solutions come in many flavors offering quite different security characteristics,
enrollment schemes and GUIs, as well as highly variant application integration features.

Although an obvious candidate for standardization, it has been proved (beyond doubt),
that such approaches doesn't work in "Google/Apple age" so users like BankID will have
to wait until the dust settles to see what actually survives.

Anders
Received on Sunday, 7 August 2011 06:51:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 7 August 2011 06:51:34 GMT