Re: Password-less auth vs VC-auth

Surely a simple “here’s a credential that proves who I am” must be considered “pretty good”. Let’s keep things simple. The older passwordless solutions are not that simple. 

Alan Davies
+1 818 415 0211

On Nov 7, 2021, at 14:38, Kyle Den Hartog <kyle.denhartog@mattr.global> wrote:


It's hard to make an evaluation of what's better without having any sort of use case or requirements listed. If you're only trying to achieve authentication like just a basic login, then a VC is probably overkill in what you're trying to achieve. However, if you're trying to build a registration flow or architect the system so that the backend system operates completely stateless, I could see advantages to using a VC based system.

Also, when you say password-less auth there's a whole class of potential methods you could use to achieve this. For example, webauthn, HTTP Signatures, DIDComm based co-protocol, or many other variations exist to achieve a password-less based auth system. However, without more details it's hard to compare any of them.

-Kyle
From: sethi shivam <sethishivam27@gmail.com>
Sent: Sunday, November 7, 2021 1:22 PM
To: W3C Credentials CG (Public List) <public-credentials@w3.org>
Subject: Password-less auth vs VC-auth
 
EXTERNAL EMAIL: This email originated outside of our organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Hi team ,

I am looking for the reasons why vc-auth is better than password-less auth.

And if i lose my phone , which process  is less painful to get my credentials back ?

Best Regards
Sethi Shivam 

Received on Monday, 8 November 2021 03:56:06 UTC