- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 17 Mar 2014 08:28:54 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>
On 2014-03-16 19:59, Manu Sporny wrote: > The poll to rename the Web Identity spec closed Friday night at midnight > ET. Here are the poll results after they're combined w/ Kingsley and > Michael's mailing-list based suggestions: > > Web Credentials 3 > Identity Credentials 15 > Open Credentials 1 > Verified Credentials 1 > Web Identity Credentials 1 > > The details are attached as a PDF summary of the poll and a CSV file > outlining each vote. The website and specification title have been > updated to match the consensus reached via the poll: > > https://github.com/web-payments/web-payments.org/commit/0c0f8bdc2ab2dedabd60149f7801ea3e2abd1a72 Google's handling of U2F which is about the only innovative web security solution introduced the last 15 years says it all: Standardization processes do not generally work well when combined with innovation. It simply gets too fuzzy. Successful standardization rather builds on _established_ technology or concepts. If you really want to do something in client authentication you need: 1) a new process, 2) an early buy-in from a major platform vendor. Since none of that is likely to happen, the second best option is making the payment standard-to-be _agnostic_ to the authentication method. I expect this message to be ignored, Naysayers are quite unpopular, right? Anders PS That Mozilla's key-generation utility haven't improved since 1995 is IMO another sign of that this space is close to immune to innovation. Their soft token scheme doesn't even feature PIN-codes which is a standard feature in banking. Note: Mozilla is "in good company", this is just an example. DS > > -- manu >
Received on Monday, 17 March 2014 07:29:25 UTC