W3C home > Mailing lists > Public > public-webpayments@w3.org > August 2014

Re: Call for Participation: OASIS Identity Based Attestation and Open Exchange Protocol Specification (IBOPS) TC

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 10 Aug 2014 00:54:34 +0200
Message-ID: <CAKaEYh+0oE9ooWhZ4M=BXu05pJJ=3kSSo+dVWCAc-uQ+QQkvDA@mail.gmail.com>
To: Joseph Potvin <jpotvin@opman.ca>
Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>
On 10 August 2014 00:47, Joseph Potvin <jpotvin@opman.ca> wrote:

> It seems to me as an effort by a team at Bank of America to re-fashion
> their in-house credentials management system as an external "industry
> standard". It it comes to be adopted by others, this saves Bank of
> America the trouble of migrating to something else.
>
> It's common for entities with major in-house deployments to try to get
> their thing placed as the basis for a standard.
>

+1


>
> Joseph
>
> On Sat, Aug 9, 2014 at 6:01 PM, Manu Sporny <msporny@digitalbazaar.com>
> wrote:
> > On 08/09/2014 02:25 AM, Anders Rundgren wrote:
> >>> https://lists.oasis-open.org/archives/tc-announce/201408/msg00001.html
> >>
> >> I think OASIS should try things they have a chance succeeding with.
> >> AFAIK, their stake in the client platform is close to NULL. It is sad
> >> that banks don't spend a dime on genuine web tech such as WebCrypto.
> >> Or VISA explaining how their "tokenization" scheme would go into
> >> WebPayments.
> >
> > Agreed. I don't understand why the work is being done at OASIS either
> > unless this is a purely insider play (meaning, the technology isn't
> > meant to be used by the public, it's primarily for use in large
> > enterprises). They have been successful at getting SAML adopted, so this
> > wouldn't be the first time they've worked in the space. That Bank of
> > America, RedHat, and Intel are taking the lead is interesting, the
> > solution will most likely be colored (for better or worse) by a "big
> > enterprise" palette.
> >
> > For those that don't want to dig deep into the documents, here's what
> > they're working on:
> >
> > "The TC will develop the IBOPS specification to enable security systems
> > to provide Identity Assertion, Role Gathering, Multi-Level Access
> > Control, Assurance, and Auditing capabilities. IBOPS will define how
> > software running on a client device can communicate with an
> > IBOPS-enabled server. Methods for enabling security components to work
> > with existing IBOPS components for integration into current operating
> > environments will also be considered. An end-to-end specification
> > describing the standards necessary to perform server-based enhanced
> > biometric security will be created.  This solution will consider
> > enrollment phase, maintenance, storage, and revocation. Version 1.0 of
> > the specification should be completed within 18 to 24 months of the
> > first meeting. "
> >
> > "The TC might also develop interoperability profiles for OASIS Trust
> > Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed
> > appropriate by the TC."
> >
> > Sounds like they're biting of a great deal of stuff, much of which we've
> > marked as out of scope for the credentials work because each item alone
> > would take years to complete.
> >
> > We should track the IBOPS work closely and learn from it if they do
> > something interesting. It wouldn't hurt to try and create a liason
> > relationship between the Credentials CG and the IBOPS WG.
> >
> > -- manu
> >
> > [1] https://www.oasis-open.org/standards
> >
> > --
> > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> > Founder/CEO - Digital Bazaar, Inc.
> > blog: High-Stakes Credentials and Web Login
> > http://manu.sporny.org/2014/identity-credentials/
> >
>
>
Received on Saturday, 9 August 2014 22:55:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:38 UTC