- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 23 Nov 2016 06:23:23 +0100
- To: Timothy Holborn <timothy.holborn@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
On 2016-11-22 16:19, Timothy Holborn wrote: > "A digital car key, which is location and time-specific, is sent to the authorized service provider to access the vehicle. When the services are complete, the car is locked and the digital key expires." > > source: http://www.forbes.com/sites/joannmuller/2016/11/22/with-digital-key-volvo-owners-can-let-others-service-or-even-borrow-their-car/ Yes, but all this is following the same pattern as payments. That is, the world is rather betting on "Apps" than the "Web" since latter is completely handicapped w.r.t. to keys. With the removal of <keygen> the state of affaires got even worse. https://developer.android.com/training/articles/security-key-attestation.html Creating attested keys from the Web? Of course not, you must write an App and develop a proprietary protocol to use such fancy features. Wouldn't Android Pay benefit from attested keys? Sure, but since Google is a super-provider a single hard-coded URL in an App works just fine. Anders
Received on Wednesday, 23 November 2016 05:24:11 UTC