W3C home > Mailing lists > Public > public-identity@w3.org > February 2012

W3C Web Identity Standardization Woes

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Wed, 08 Feb 2012 06:30:07 +0100
Message-ID: <4F32085F.9000508@telia.com>
To: "public-identity@w3.org" <public-identity@w3.org>
http://www.w3.org/2011/08/webidentity-charter.html

I hope you don't get too upset but I believe the last 12 months have shown that
standardization of security and identity solutions on the web, particularly for
schemes that introduce changes in the client-platform, is more or less infeasible.

Why is that?  The interest in cooperating among the very few vendors that own
the web is minimal.  In addition, the majority of all efforts in this space fail
like Microsoft's Information Cards initiative.

Regarding DomCrypt, I see this as a Mozilla project which the other vendors can
take up or not depending if they find it useful.

DomCrypt also shows the difficulty running open processes.  It has been claimed
that DomCrypt could be "extended" to support smart cards.   No document or
writeup has though been provided showing how this would work.  IMO smart
cards using non-domain-restricted credentials such as PIV must not be exposed
on the web; they can only be used by trusted applications such as TLS.

Anders
Received on Wednesday, 8 February 2012 05:33:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 8 February 2012 05:33:24 GMT