Re: FedId CG at W3C and GNAP

Thanks, Orie, for starting this important thread. I will defer the technical
comments entirely to Justin and others.

From my perspective, the failure of SIOP in the wild needs to be understood
and rectified whether it involves GNAP or not. I tried to participate in
FedId CG from this perspective but quickly realized that they really were
only scoped to federated cases and trying to introduce a self-sovereign
perspective in that CG would be torture for all involved.

I would also hope that Sam Smith contributes to this thread. His
perspective on decentralization seems important.

The other thing I've been trying to understand in the context of
self-sovereign authentication is biometrics.

   - Facial recognition is almost free and works well enough to be entirely
   passive and ambient for many use-cases. Like license plate scanners for
   people. Not necessarily a good thing.
   - Iris biometrics work even better and with appropriate hardware can be
   almost passive. How do we control that in a DID context?
   - Palm biometrics (as introduced by Amazon) are less passive and
   somewhat expensive but could also enter widespread use.
   - Local biometrics like Apple FaceID are already used to authenticate
   into Apple Wallet. Will it be used as an ankle bracelet analog? The answer
   seems to be yes, because that's how Apple Watch is used to interact with
   the wallet.
   - DNA readers get cheaper all the time...

Notice also that dealing with these issues is a matter of human rights, not
ethics.

I think self-sovereign authentication might be a worthwhile CCG work item.

- Adrian

On Fri, Jan 7, 2022 at 3:22 PM Orie Steele <orie@transmute.industries>
wrote:

> I asked them whether they considered GNAP via slack.
>
> https://w3ccommunity.slack.com/archives/C02355QUL73/p1641585415001900
>
> They are chartered here: https://fedidcg.github.io/
>
> To look at AuthN that breaks when browser primitives are removed.
>
> They are currently focused on OIDC, SAML, WS-Fed.
>
> The reason I asked them was in relation to the questions we have
> discussed regarding "What can GNAP replace".
>
> Clearly GNAP can replace OAuth, but I think you both have now confirmed
> that GNAP does not replace OIDC, or federated identity...
>
> I am confirming this one more time, just in case I got that wrong.
>
> Has there yet been discussion on what some kind of OIDC built on GNAP
> instead of OAuth would look like?
>
> OS
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>

Received on Friday, 7 January 2022 20:42:24 UTC