W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 20 Mar 2022 12:10:35 -0400
To: public-credentials@w3.org
Message-ID: <a2983301-683a-dd94-6648-b033da5297c6@digitalbazaar.com>
On 3/18/22 3:27 PM, Anders Rundgren wrote:
> According to the W3C TAG, calling native apps from the Web should be
> abolished.

Oh, please, Anders! This is just simply not true. Proof:

https://www.w3.org/TR/web-share/

You can share data with native apps today on Edge, Chrome, Safari, iOS,
Android, Samsung, and Firefox:

https://caniuse.com/?search=web%20share

... and there is movement afoot to enable PWAs and Websites to be share
targets as well:

https://w3c.github.io/web-share-target/

If the latter were to happen (with a few minor tweaks), it would solve the
"invoke an open ecosystem wallet" problem for both web and native.

It'll take a few years to get the latter, but the former "calling native apps
from the Web" became a reality two years ago. The next version of CHAPI uses
this feature to send/receive Verifiable Presentation Requests w/ native apps, btw.

I'll also note that this mechanism is not susceptible to the same browser
vendor market pressures that were included in Orie's rant about browser
vendors and surveillance capitalism. The APIs above are not at risk in the
same way that OpenID redirects and openid:// protocol handlers are at risk.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Sunday, 20 March 2022 16:10:50 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:25:29 UTC