
Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 20 Mar 2022 09:23:56 +0100
Message-ID: <8c115038-4ff9-e964-e293-ae504529edf1@gmail.com>
To: Tobias Looker <tobias.looker@mattr.global>, "dzagidulin@gmail.com" <dzagidulin@gmail.com>
Cc: Manu Sporny <msporny@digitalbazaar.com>, "public-credentials@w3.org" <public-credentials@w3.org>
On 2022-03-19 23:52, Tobias Looker wrote:
>  > Can you say more about those multiple ways? If I'm understanding correctly, there is just one mechanism that SIOP supports, and that is through a custom url protocol link. Is that not the case?
> 
> 
> I guess it depends on what you constitute as being different in this context? What I meant here was the options that DW listed.
> 
> 
> 1. Local Invocation via URL schemes or platform-registered HTTPS URL (e.g. universal links, app links)

Or by misusing PaymentRequest which is a pretty good replacement for the eternally missing Web2App API:
https://cyberphone.github.io/doc/web/calling-apps-from-the-web.pdf

> 
> 2. Cross-device Invocation via QR code holding above initiation URL

I'm not sure what that means.

> 
> 3. Cross-device invocation via wallet QR code reader

In this case I guess that most existing wallets invoke the app directly, eliminating any dependencies on Web standards.


Finally: A proper Web2App API would extend through paired BLE so that mobile wallets could register their abilities and thus deal with the NASCAR problem in the same way as same-device solutions. In fact, it would be transparent for invoking Web applications where the wallets are situated.

thanx,
Anders
Received on Sunday, 20 March 2022 08:29:25 UTC
