W3C home > Mailing lists > Public > public-identity@w3.org > February 2012

Re: W3C Web Identity Standardization Woes

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 08 Feb 2012 15:40:50 +0100
Message-ID: <4F328972.3000808@w3.org>
To: Anders Rundgren <anders.rundgren@telia.com>
CC: "public-identity@w3.org" <public-identity@w3.org>
Anders,

    Again, if you believe in your below statements, I kindly suggest you 
join another mailing list. Furthermore, there is no new information in 
your email, just the same opinion you re-iterated earlier a number of times.

           cheers,
                harry


On 02/08/2012 06:30 AM, Anders Rundgren wrote:
> http://www.w3.org/2011/08/webidentity-charter.html
>
> I hope you don't get too upset but I believe the last 12 months have shown that
> standardization of security and identity solutions on the web, particularly for
> schemes that introduce changes in the client-platform, is more or less infeasible.
>
> Why is that?  The interest in cooperating among the very few vendors that own
> the web is minimal.  In addition, the majority of all efforts in this space fail
> like Microsoft's Information Cards initiative.
>
> Regarding DomCrypt, I see this as a Mozilla project which the other vendors can
> take up or not depending if they find it useful.
>
> DomCrypt also shows the difficulty running open processes.  It has been claimed
> that DomCrypt could be "extended" to support smart cards.   No document or
> writeup has though been provided showing how this would work.  IMO smart
> cards using non-domain-restricted credentials such as PIV must not be exposed
> on the web; they can only be used by trusted applications such as TLS.
>
> Anders
>
Received on Wednesday, 8 February 2012 14:42:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 8 February 2012 14:42:14 GMT