Re: Password-less auth vs VC-auth from Kyle Den Hartog on 2021-11-07 (public-credentials@w3.org from November 2021)

From: Kyle Den Hartog <kyle.denhartog@mattr.global>
Date: Sun, 7 Nov 2021 22:36:07 +0000
To: sethi shivam <sethishivam27@gmail.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <MEYP282MB40578F5710F89A94EB1B76F1FC909@MEYP282MB4057.AUSP282.PROD.OUTLOOK.COM>

It's hard to make an evaluation of what's better without having any sort of use case or requirements listed. If you're only trying to achieve authentication like just a basic login, then a VC is probably overkill in what you're trying to achieve. However, if you're trying to build a registration flow or architect the system so that the backend system operates completely stateless, I could see advantages to using a VC based system.

Also, when you say password-less auth there's a whole class of potential methods you could use to achieve this. For example, webauthn, HTTP Signatures, DIDComm based co-protocol, or many other variations exist to achieve a password-less based auth system. However, without more details it's hard to compare any of them.

-Kyle
________________________________
From: sethi shivam <sethishivam27@gmail.com>
Sent: Sunday, November 7, 2021 1:22 PM
To: W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Password-less auth vs VC-auth

EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Hi team ,

I am looking for the reasons why vc-auth is better than password-less auth.

And if i lose my phone , which process  is less painful to get my credentials back ?

Best Regards
Sethi Shivam

Received on Sunday, 7 November 2021 22:36:25 UTC