- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 26 Aug 2014 13:08:43 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>, public-credentials@w3.org
On 2014-08-26 12:47, Manu Sporny wrote: > On 08/26/2014 03:34 AM, Anders Rundgren wrote: >> I think it is important realizing that web-based credential sync is >> already featured in iOS and in Google Wallet. > > Which specific features are you talking about? The auto-credit card > features? Or request-autocomplete? Or something else? Credentials in iOS and Google Wallet only refer to cryptographic keys or userid/passwords. > >> AFAIK, these webs never expose any information to external parties, >> they are effectively cloud-based smart cards. > > Hmm, depends on what you mean by "expose any information", clearly some > information has to be exposed for the service to be useful. Are you > talking PKI signatures here, or something else? The credential sync maintains private information in a remote server which in the Google Wallet case only the user is supposed to have access to. The credentials are supposed to be used with local applications or the browser using specific protocols like VPNs. iCloud appears to be a more general solution for synced data: http://images.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf > >> This is probably not what you are targeting, right? > > There are a number of organizations each targeting something slightly > different. The use case is trying to capture the general theme without > being overly prescriptive. If you could elaborate on the above > (preferably with links) that would help us figure out what you consider > in scope and out of scope. :) I only wanted to highlight what parties like Apple and Google do in this space. Cheers Anders > > -- manu >
Received on Tuesday, 26 August 2014 11:09:38 UTC