
Can CHAPI survive Big Tech? (was Re: Centralization dangers of applying OpenID Connect to wallets protocols)

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 27 Mar 2022 15:37:53 -0400
To: public-credentials@w3.org
Message-ID: <c6bc976a-dbb4-09ed-f077-e0b38d753bcd@digitalbazaar.com>

On 3/23/22 2:32 PM, Oliver Terbu wrote:
> Another thing I have some trouble getting my head around and since CHAPI 
> was mentioned so often. I think it is quite odd to see CHAPI as the 
> solution to the "centralization issue" -- CHAPI is a browser polyfill with the
> promise that it will be implemented by the browser vendors eventually, the
> same "Big Tech" companies people in this thread are worried about.

Even if CHAPI was never implemented by the browser vendors, it could still
provide a solution for 95%+ of the market. There are additional technologies
like Web Share and Web Share Target that could eventually replace CHAPI (in a
good way). CHAPI is a set of technical strategies to do same-device wallet
invocation; those strategies have and will continue to change over time
because browsers change over time.

Just the mere existence of CHAPI demonstrates that NASCAR is a solvable
problem. That helps program managers inside the browser vendors pitch it to
their technical teams (art of the possible), and if they can get through all
the internal hurdles to demonstrate that it will be a net positive for their
organization, then it gets implemented.

If the browser vendors choose to not implement it, then it is an example to
the European Union of one approach to the "consumer choice" problem (that's
workable) and it becomes a question whether or not regulators should step in.

So, yes, CHAPI doesn't presume that the browser vendors will ever implement it
-- we can deploy open wallet ecosystems TODAY with it. CHAPI is also nimble in
that as browser vendors remove and add features, we can adapt to provide the
best UX possible given the technical limitations... finally, if all else
fails, we can fall back to OIDC-like redirection flows (which are problematic
for all the reasons outlined in the "W3C CCG Wallet Protocol Analysis"
document). That is, the worst case outcome for CHAPI is what OIDC is doing
today.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Sunday, 27 March 2022 19:38:08 UTC
