W3C home > Mailing lists > Public > public-identity@w3.org > August 2011

Re: Identity in the Browser Workshop Report finish, chartering has begun

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Wed, 31 Aug 2011 08:56:37 +0200
Message-ID: <4E5DDB25.3030003@telia.com>
To: Harry Halpin <hhalpin@w3.org>
CC: public-identity@w3.org
On 2011-08-30 22:04, Harry Halpin wrote:
> I hope everyone have seen the news on W3's homepage namely that the 
> identity in the browser workshop final report is published [1] and we're 
> ready to go to the chartering stage. Expect the announcement of a draft 
> charter in about week or two.
> 
> Currently, the largest issue facing possible new work at the W3C is how 
> expansive should a new group be. Should it narrowly scope itself to deal 
> only with a common cryptography API or should it deal with larger 
> matters of identity and session-management?
> 
> Any opinions?
> 
>     cheers,
>         harry
> 
> 
> [1] http://www.w3.org/News/2011#entry-9185

You can view this topic from many angles but one thing is fore sure:
Standardization of browser identity solutions will not follow the
path of traditional standardization.   There are many reasons for that
including:

- There are very few vendors (implementations)
- The scope is huge; from the social web to the enterprise
- Most of the affected parties do not participate in open forums
- Microsoft is generally absent since their browser isn't open source
- The development pace has increased dramatically

>From an SDO point of view a problem is getting members.  I still find
it odd that banks and government agencies put so little time and money
into solutions that they eventually will use.  Maybe they plan is to
continue as before, where they in most case replaced the browsers'
built-in authentication schemes including client-cert-authentication?

Personally I continue with Token Provisioning:
http://www.ietf.org/mail-archive/web/pkix/current/msg29682.html

That there is no interest from the token vendors is not because I'm
doing something particularly bad, but because they live on professional
services for [often quite clueless] very deep-pocketed customers.
A "Volk Token" scheme is not a priority item so to say :-)

Cheers,
Anders
Received on Wednesday, 31 August 2011 06:57:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 31 August 2011 06:57:28 GMT