Re: The "korean bank" use-case

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Sun, 27 Nov 2011 18:52:56 +0100
Message-ID: <4ED278F8.1070205@telia.com>
To: Ron Garret <ron@flownet.com>
CC: "public-identity@w3.org" <public-identity@w3.org>

On 2011-11-27 17:31, Ron Garret wrote:
<snip>

>> I.e. my quest for a simpler "web token" is a more realistic take on this topic in spite of
>> the fact that you need new hardware.
> 
> Why do you think you need new hardware?  There are existing hardware solutions that are simpler than full-blown smart cards:
> 
> https://www.swekey.com/
> http://www.safenet-inc.com/products/data-protection/two-factor-authentication/certificate-based-pki-usb-authenticators/
> http://www.cryptomate.com/

These are good "solutions" but are unsuitable as foundations for standards.
If we take the eToken for example, it has existed for a decade but it cannot
be provisioned from a browser.  A system that is supposed to be browser-
friendly must IMHO support browser provisioning.

I believe that requires hardware that is designed for this use-case.
Progress is zero in this space.  Only dedicated stuff like the Google
Wallet seems to work.  Maybe the fact that Google intends to make money
on the Wallet is the differentiating factor :-)

Anders

> 
> There are also mobile devices.  Apps are not as secure as a dedicated device but more secure than a browser, so something like this:
> 
> http://www.rsa.com/node.aspx?id=3651
> http://itunes.apple.com/us/app/oath-token/id364017137
> 
> might be good enough.
> 
> BTW, I am not endorsing any of these, just pointing them out as data points to inform the discussion.
> 
> rg
> 
> 
Received on Sunday, 27 November 2011 17:53:39 GMT
