- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Tue, 24 Nov 2015 10:44:44 -0500
- To: David Chadwick <d.w.chadwick@kent.ac.uk>, public-credentials@w3.org
On 11/24/2015 04:55 AM, David Chadwick wrote: > I have talked to some fido developers and they have said that they > can give our code access to public keys. So assuming this is true, > then our code will send this to the issuer in a new message, asking > for a signed credential to be returned. This is all additional to > standard FIDO messages To be clear, the system you are proposing doesn't work unless the FIDO devices expose this information to the developer in a widely deployed way (for example, 75% of the browser market implements it). At present, no one exposes this information? I'm not asserting that it can't be done, just that you've put the browser manufacturers in the critical path with no planned Working Group to do what you need and that has typically resulted in delays of multiple years (which we, the companies that are attempting to deploy product into the marketplace, don't have). That said, I still (personally) want to dive into the work you've done because I think it's interesting and maybe there is another way to achieve what you want w/o having such a reliance on the browser vendors and HSM vendors. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Web Payments: The Architect, the Sage, and the Moral Voice https://manu.sporny.org/2015/payments-collaboration/
Received on Tuesday, 24 November 2015 15:45:09 UTC