- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 18 Apr 2015 10:37:13 +0200
- To: W3C Credentials Community Group <public-credentials@w3.org>
Since credential sync was mentioned as a missing feature in the WebAppSec Credential Management FPWD, I would be interested in hearing a bit more what kind of solutions you had in mind. It appears to be a non-trivial matter, particularly if you want to exclude the sync-service from direct access to key material. I guess there's a mine-field of patents here as well. For certain types of credentials like eID, I don't expect sync to be applicable since export of private keys usually is forbidden. This is though not such a major problem because you could (if the technology was there...), use one device to securely enroll a "clone" on another device. This also allows selective revoke, something which is less possible with synced credentials. Maybe remote wipe is the better solution? Anders
Received on Saturday, 18 April 2015 08:37:49 UTC