Re: W3C Web Identity Standardization Woes from Anders Rundgren on 2012-02-08 (public-identity@w3.org from February 2012)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Wed, 08 Feb 2012 20:50:21 +0100
To: Ron Garret <ron@flownet.com>
CC: public-identity@w3.org, Harry Halpin <hhalpin@w3.org>
Message-ID: <4F32D1FD.5010204@telia.com>

On 2012-02-08 19:10, Ron Garret wrote:
> +1.  The belief that something is infeasible is in nearly all cases a self-fulfilling prophecy.

That standardization is infeasible isn't equivalent to no progress,
it just means that for those who want to achieve something tangible (which
Google hasn't already done), you IMO need to come up with a better plan.

The "big three" are putting all their power into mobile computing and
outsiders simply aren't welcome.

Anyway, I let you continue with whatever you do in peace; I stick to
the Open Source/Hardware route and skip standardization.  There are
no surefire successes in this space and I wish you luck.

Anders

> 
> On Feb 8, 2012, at 6:40 AM, Harry Halpin wrote:
> 
>> Anders,
>>
>>   Again, if you believe in your below statements, I kindly suggest you join another mailing list. Furthermore, there is no new information in your email, just the same opinion you re-iterated earlier a number of times.
>>
>>          cheers,
>>               harry
>>
>>
>> On 02/08/2012 06:30 AM, Anders Rundgren wrote:
>>> http://www.w3.org/2011/08/webidentity-charter.html
>>>
>>> I hope you don't get too upset but I believe the last 12 months have shown that
>>> standardization of security and identity solutions on the web, particularly for
>>> schemes that introduce changes in the client-platform, is more or less infeasible.
>>>
>>> Why is that?  The interest in cooperating among the very few vendors that own
>>> the web is minimal.  In addition, the majority of all efforts in this space fail
>>> like Microsoft's Information Cards initiative.
>>>
>>> Regarding DomCrypt, I see this as a Mozilla project which the other vendors can
>>> take up or not depending if they find it useful.
>>>
>>> DomCrypt also shows the difficulty running open processes.  It has been claimed
>>> that DomCrypt could be "extended" to support smart cards.   No document or
>>> writeup has though been provided showing how this would work.  IMO smart
>>> cards using non-domain-restricted credentials such as PIV must not be exposed
>>> on the web; they can only be used by trusted applications such as TLS.
>>>
>>> Anders
>>>
>>
>>
> 
> 
>

Received on Wednesday, 8 February 2012 19:58:10 UTC