- From: David Waite <dwaite@pingidentity.com>
- Date: Mon, 21 Mar 2022 16:14:38 -0600
- To: dzagidulin@gmail.com
- Cc: Benjamin Goering <bengoering@gmail.com>, Manu Sporny <msporny@digitalbazaar.com>, Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CA+3kW=Yp9Cym_3R4YS1gDFZdyA=dhcj+xGLsx9d8pzcoW=7C=g@mail.gmail.com>

> Yeah, I agree with you. At the moment, OIDC (or SIOP v2) for individual
> consumer usage is limited (kneecapped?) by the whims of the browser and OS
> vendors. But there's always hope! (Although, I was sad to see that FedCM,
> an attempt by the browsers to address some OIDC/OAuth2 shortcomings in the
> UI, still suffers from the same centralizing forces that
> non-browser-mediated OIDC has, namely -- individual website-controlled
> choice of wallets and identity providers. As opposed to having it be the
> user's choice, which is much more preferable.)

The service requesting federation is going to want to filter to authentications it supports; the alternative is the users share personal information with a service that won't consume it. That should be no different than credential presentations.

Federation (as an abstraction) pushes as much responsibility to the identity provider as possible, as there are multiple orders of magnitude more services than identity providers, and most of those services consider identity and access management functions to be largely orthogonal to their value.

That does however make a particular provider's value, and disadvantages, pretty inseparable. Social networks aren't just providing signed information, but outsourced identity management responsibilities. CIAM products are a white-labelled version of this - features such as account registration, self-service management and recovery, authorizations, and even fraud and risk analysis are all pushed behind the request/response call made by the relying service.

One of the values of CIAM products (said as an employee of a CIAM vendor) is that you keep control of these - so for example, your service can offer social logins at the user's preference, but can also set up and provide recovery processes if access to that social account gets blocked.

I personally find it less likely that verifiable credentials will replace identity providers - it is more likely that identity providers (social network, white labelled, and private alike) are one of the largest consumers of them.

-DW

Received on Monday, 21 March 2022 22:16:01 UTC