Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

On 2022-03-19 23:52, Tobias Looker wrote:
>  > Can you say more about those multiple ways? If I'm understanding correctly, there is just one mechanism that SIOP supports, and that is through a custom url protocol link. Is that not the case?
> 
> 
> I guess it depends on what you constitute as being different in this context? What I meant here was the options that DW listed.
> 
> 
> 1. Local Invocation via URL schemes or platform-registered HTTPS URL (e.g. universal links, app links)

Or by misusing PaymentRequest which is a pretty good replacement for the eternally missing Web2App API:
https://cyberphone.github.io/doc/web/calling-apps-from-the-web.pdf

> 
> 2. Cross-device Invocation via QR code holding above initiation URL

I'm not sure what that means.

> 
> 3. Cross-device invocation via wallet QR code reader

In this case I guess that most existing wallets invoke the app directly, eliminating any dependencies on Web standards.


Finally: A proper Web2App API would extend trough paired BLE so that mobile wallets could register their abilities and thus dealing with the NASCAR problem in the same way as same-device solutions.  In fact, it would be transparent for invoking Web applications where the wallets are situated.

thanx,
Anders
> 

Received on Sunday, 20 March 2022 08:29:25 UTC