- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 22 Nov 2015 17:33:26 +0100
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
On 2015-11-22 17:10, David Chadwick wrote: > Hi Anders Hi David, <snip> >>> The user sends the consumer SOP public key to the issuer and the issuer >>> assigns the attribute to that. >> >> I think you lost me here, at least with respect to the NASCAR problem. > > This is because the user does not go to any third party to authenticate > to a site. A new key pair is generated for the site, and this > authenticates the user each time he calls. Note however that FIDO does > not provide any identity or authz information, just an authn key, which > is why we need to add this functionality using issuers. It is this sending of the consumer public key to issuer by the user which I don't quite understand :( Anders
Received on Sunday, 22 November 2015 16:34:04 UTC