- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 23 Nov 2015 19:14:18 +0100
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
On 2015-11-23 17:47, David Chadwick wrote: > <snip> >> Agreed. I was actually referring to "my model" where key metadata plays a >> major role. A scaled-down version of this can be found in this one-page >> doc: >> http://webpki.org/papers/decentralized-payments.pdf >> The certificate could surely be replaced by an account-ID, but I'm >> old-school you know :-) >> > > Your model is similar to mine, but is dealing with a step after mine has > completed. To me they look pretty different. There's no "before-step" in my model. When you have received your virtual credit-card, you can start shopping wherever you want. > Mine deals with presenting a credentail/assertion, then > stops. FIDO already has a process for OKing a transaction. > Comparing our models, your wallet is my authz module, your cert is > replaced by a FIDO key pair, so no identity is associated with the > public key. I still don't understand how your (per/site) credential bootstrap process works from a users perspective. > The web site sends its authz policy to the wallet/authz module and it > compares this to the credentials held by the user. It either presents > matching ones for the user to choose between (more than one match) or > consent to (exactly one match) or say Sorry you cannot proceed > (insufficient credentials). I think I have got that. Regards, Anders > > regards > > David >> >>> Usability is always hard to get right, but we have experimented with a >>> GUI for over a year and think it is intuitive and easy to use. >> >> *This* is the thing I'm Interested in. How is the consumer key sent to >> the issuer from a user perspective? >> >> >>> I am not aware of any additional security issues with this scheme that >>> are not always present when users and technology are involved. >> >> You're probably right :-) >> >> Regards >> Anders >>> >>> regards >>> >>> David >>>> >>>> Regards >>>> Anders >>>> >>>>> >>>>> regards >>>>> >>>>> David >>>>>> >>>>>> Anders >>>>>> >>>> >>>> >> >>
Received on Monday, 23 November 2015 18:14:56 UTC