W3C home > Mailing lists > Public > public-webpayments@w3.org > August 2014

Re: Call for Participation: OASIS Identity Based Attestation and Open Exchange Protocol Specification (IBOPS) TC

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Sun, 10 Aug 2014 16:46:08 +1000
Message-Id: <7A4CB525-D575-4435-BD77-1A53117BC432@gmail.com>
Cc: "public-webpayments@w3.org" <public-webpayments@w3.org>
To: Manu Sporny <msporny@digitalbazaar.com>


> On 10 Aug 2014, at 8:01 am, Manu Sporny <msporny@digitalbazaar.com> wrote:
> 
> On 08/09/2014 02:25 AM, Anders Rundgren wrote:
>>> https://lists.oasis-open.org/archives/tc-announce/201408/msg00001.html
>> 
>> I think OASIS should try things they have a chance succeeding with.
>> AFAIK, their stake in the client platform is close to NULL. It is sad
>> that banks don't spend a dime on genuine web tech such as WebCrypto.
>> Or VISA explaining how their "tokenization" scheme would go into
>> WebPayments.
> 
> Agreed. I don't understand why the work is being done at OASIS either
> unless this is a purely insider play (meaning, the technology isn't
> meant to be used by the public, it's primarily for use in large
> enterprises). They have been successful at getting SAML adopted, so this
> wouldn't be the first time they've worked in the space. That Bank of
> America, RedHat, and Intel are taking the lead is interesting, the
> solution will most likely be colored (for better or worse) by a "big
> enterprise" palette.
> 
Why don't you call them and ask?

> For those that don't want to dig deep into the documents, here's what
> they're working on:
> 
> "The TC will develop the IBOPS specification to enable security systems
> to provide Identity Assertion, Role Gathering, Multi-Level Access
> Control, Assurance, and Auditing capabilities. IBOPS will define how
> software running on a client device can communicate with an
> IBOPS-enabled server. Methods for enabling security components to work
> with existing IBOPS components for integration into current operating
> environments will also be considered. An end-to-end specification
> describing the standards necessary to perform server-based enhanced
> biometric security will be created.  This solution will consider
> enrollment phase, maintenance, storage, and revocation. Version 1.0 of
> the specification should be completed within 18 to 24 months of the
> first meeting. "
> 
> "The TC might also develop interoperability profiles for OASIS Trust
> Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed
> appropriate by the TC."
> 
> Sounds like they're biting of a great deal of stuff, much of which we've
> marked as out of scope for the credentials work because each item alone
> would take years to complete.
> 
Funding / operational assumptions therein I'm guessing??

> We should track the IBOPS work closely and learn from it if they do
> something interesting. It wouldn't hurt to try and create a liason
> relationship between the Credentials CG and the IBOPS WG.
> 
+1
> -- manu
> 
> [1] https://www.oasis-open.org/standards
> 
> -- 
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: High-Stakes Credentials and Web Login
> http://manu.sporny.org/2014/identity-credentials/
> 
Received on Sunday, 10 August 2014 06:46:42 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:38 UTC