W3C home > Mailing lists > Public > public-credentials@w3.org > June 2020

Re: A Proposal for Credential-based login (public-webpayments'at'w3'dot'org 3-14-2014)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Tue, 2 Jun 2020 09:34:37 -0400
To: public-credentials@w3.org
Message-ID: <4a7ff10e-9efc-31e7-ed9b-13b996483ab8@digitalbazaar.com>
On 6/2/20 6:56 AM, Adrian Gropper wrote:
> I’m waiting for Apple Sign-In so I can at least have some privacy at the
> cost of my self- sovereignty.

Zero-day exploit found in "Sign in with Apple":

https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/

Goes to show you that one of the richest companies on the planet still
struggles with basic security implementation. To be clear, I'm not
slamming Apple, just showing how hard it is to actually build secure
systems... and "trusting the experts a proprietary system/software
companies" is not working out. I expect all of us don't have the capital
or security teams that Apple does... and even if you have those, things
like this still happen.

The benefit of open standards and source code that you can read is that
you get people outside of your company vetting the design and the
software. It doesn't mean that mistakes or bugs won't happen, but it can
reduce the chances once these things hit scale.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches
Received on Tuesday, 2 June 2020 13:34:51 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 2 June 2020 13:34:51 UTC