- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 30 Apr 2016 07:28:35 +0200
- To: Harry Halpin <hhalpin@w3.org>, Randall Leeds <randall.leeds@gmail.com>, Web Payments CG <public-webpayments@w3.org>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
On 2016-04-30 06:34, Harry Halpin wrote:
> <snip>
>> The thing I mentioned as another way forward. It has IMO much better
>> chances of getting traction because crypto without trusted UI and
>> trusted storage isn't that terribly useful.
>>
>> These topics were either rejected or ignored by the WebCrypto WG.
>
> For good reason. There isn't such a thing really as 'trusted UI' that
> users understand and there isn't a unified thing such as 'trusted storage.'

That's correct. However, there is another more down-to-earth definition which is that the issuer/relying party/etc consider the system interacting with and storing keys as trusted. E.g. Apple Pay.

>> The Web Payment WG haven't mentioned WebCrypto as a possible security
>> solution.
>
> I think the above statement confuses the relationship between how these
> technology stacks work. Crypto API is for low-level primitives in
> Javascript, not wallets.

Confusing or not it seems that WebCrypto will not be used for wallets, not even Web wallets.

>> But there's nothing to get hung about; some standards get wide-spread
>> adoption, others do not.
>
> For example, your WebPKI work to reproduce PKI in XML has, I believe, zero adoption.

WebPKI is nowadays a wide range of things. Although adoption probably is zero, some of the stuff may be leaving that pitiful state:
http://www.conferences-pic.com/#demos

My most recent project (it feels more like a crusade...); "Uniting the Web and App worlds" has lots of "moral" (and indirect) supporters.

Anders

>
>> However, I think it could be useful analyzing the outcome of every
>> standards effort in order to (maybe) be better prepared for new
>> endeavors!
>
> Agreed.
>
>>
>> Anders
>>
>>>
>>> On Fri, Apr 29, 2016 at 1:56 AM Timothy Holborn
>>> <timothy.holborn@gmail.com> wrote:
>>>
>>> imho cryptography that is highly secure from un-intended use
>>> seemed interesting yet difficult to find means to work
>>> collaboratively on the stuff that would otherwise be considered 'low
>>> hanging fruit'. So, when thinking about it from a modern context - i
>>> also took into account quantum computing capabilities as to consider
>>> meaningfully concepts surrounding the principle of 'rule of law'
>>> where i noted today the following text
>>>
>>> There is no single agreed definition of the rule of law. However,
>>> there is a basic core definition that has near universal acceptance.
>>>
>>> As Emeritus Professor Geoffrey Walker, has written in his
>>> defining work on the rule of law in Australia: ‘…most of the content
>>> of the rule of law can be summed up in two points:
>>>
>>> (1) that the people (including, one should add, the government)
>>> should be ruled by the law and obey it and
>>>
>>> (2) that the law should be such that people will be able (and,
>>> one should add, willing) to be guided by it.’
>>>
>>> – Geoffrey de Q. Walker, The rule of law: foundation of
>>> constitutional democracy, (1st Ed., 1988).
>>>
>>> Source: http://www.ruleoflaw.org.au/principles/
>>>
>>> also, IMHO: It's that concept of a 'human centric web' that's
>>> most difficult to discover. Yet in consideration - the way most
>>> people (who are old enough to remember) started on the web with
>>> trumpet winsock[2] - not something that was packaged with the OS
>>> (without going into the really old stuff...).
>>>
>>> Now therefore; When considering the concept of the map [3] I've
>>> been thinking about the differences or nuances between the goals of
>>> building a web for documents (ie: web 1/2) and one for data ("web
>>> 3"). If a 'trumpet winsock' to deal with the ID/Crypto issues were
>>> produced today, what would it do and how could it be packaged? How
>>> would solve the very diverse issues that relate to the problem-domain?
>>>
>>> I guess underlying it all is a need to acknowledge that decisions
>>> are being made about processes that are being put into the hands of
>>> various parties and pending the architectural decisions of those
>>> designs; we'll end-up with different social outcomes regardless of
>>> 'who wins' the more myopically definitive process as to have
>>> successfully completed the project. Equally; i'm probably better
>>> off coding rather than thinking and well, the work done here has been
>>> rather awesome; so perhaps it's just my expectations that need to be
>>> adjusted... that balance between doing your best and living with
>>> humility / being human.
>>>
>>> I think more work needs to go into producing interoperability with
>>> SoLiD[4] solutions. For me the process of trying to bring the two
>>> worlds together seems really very daunting...
>>>
>>> Tim.H
>>>
>>> [1] https://en.wikipedia.org/wiki/Lattice-based_cryptography
>>> [2] http://thanksfortrumpetwinsock.com/
>>> [3] https://www.w3.org/2007/09/map/main.jpg
>>> [4] https://github.com/solid/
>>>
>>>
>>> On Tue, 19 Apr 2016 at 15:33 Anders Rundgren
>>> <anders.rundgren.net@gmail.com> wrote:
>>>
>>> https://lists.w3.org/Archives/Public/public-webcrypto/2016Jan/0022.html
>>>
>>> And still no interoperable standard.
>>>
>>> Making it possible extending browsers through Apps seems like
>>> a much easier way keeping the Web alive and kicking.
>>> Insurmountable security issues? No, Google and Microsoft
>>> have solved these in Web Payments; they just haven't shared their
>>> findings with us.
>>>
>>> Anders

Received on Saturday, 30 April 2016 05:29:19 UTC