
Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 20 Mar 2022 17:05:06 -0400
To: public-credentials@w3.org
Message-ID: <c05af5a2-e5a4-20ad-081e-064ea1ef482c@digitalbazaar.com>

On 3/19/22 6:52 PM, Tobias Looker wrote:
> 1. Local Invocation via URL schemes or platform-registered HTTPS URL (e.g. 
> universal links, app links)

As Dmitri elaborated earlier, this solution doesn't work for web-based wallets
and it only (partially) works for native app-based wallets. If there isn't a
URL scheme handler registered, the UX is awful (nothing happens and you can't
always detect that nothing happened). You are also forcing the individual to
install a native app instead of allowing them to pick among web-based and
native-based apps.

To contrast, CHAPI's approach works across the vast majority of browsers and
platforms, both for web-based wallets (via postMessage) and for native wallets
(via Web Share). That's not to say that CHAPI is perfect on every platform,
but it's certainly far more capable than native URL Scheme handlers.

> 2. Cross-device Invocation via QR code holding above initiation URL

This does not solve the problem of invoking a digital wallet on the same
device. For example, you're on your mobile phone browsing a website and want
to pick up a credential. QR Codes do not help you in that situation, which is
a very common one.

So, this one is a non-solution to the problem that CHAPI solves (same-device
invocation of a web or native wallet on the same device).

> 3. Cross-device invocation via wallet QR code reader

Again, different problem, and easy to address w/ a QR Code reader in a digital
wallet. The presumption here is that you're starting at your digital wallet --
presuming that digital wallets are going to be the centre of the ecosystem and
people's desired experiences is problematic.

The issue isn't cross-device... it's same-device wallet invocation (which is a
very common use case).

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Sunday, 20 March 2022 21:05:25 UTC
