- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 23 Nov 2015 13:00:20 +0100
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org

On 2015-11-23 10:51, David Chadwick wrote:
<snip>
> On 23/11/2015 05:40, Anders Rundgren wrote:
>> Pardon me for being unclear. I understand the concept on this level,
>> I was only curious about the user processes needed for this to work.
>>
>> Anyway, I have considerable faith in the augmented key model where
>> issuer-defined attributes are used to enhance a key's usage.
>>
>> The "only" problem is how to deal with such keys on the Web without
>> creating [close to] unresolvable privacy, usability, or security problems.
>
> You are correct that there are some privacy issues, but I do not believe
> they are that big if everyone plays by the rules. If they do not, then
> there can never be any privacy guarantees as Edward has kindly revealed.

Agreed. I was actually referring to "my model" where key metadata plays a major role.
A scaled-down version of this can be found in this one-page doc:
http://webpki.org/papers/decentralized-payments.pdf
The certificate could surely be replaced by an account-ID, but I'm old-school you know :-)

> Usability is always hard to get right, but we have experimented with a
> GUI for over a year and think it is intuitive and easy to use.

*This* is the thing I'm interested in.
How is the consumer key sent to the issuer from a user perspective?

> I am not aware of any additional security issues with this scheme that
> are not always present when users and technology are involved.

You're probably right :-)

Regards
Anders

>
> regards
>
> David
>>
>> Regards
>> Anders
>>
>>>
>>> regards
>>>
>>> David
>>>>
>>>> Anders
>>>>
>>
>>

Received on Monday, 23 November 2015 12:00:59 UTC