W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

Re: Can CHAPI survive Big Tech? (was Re: Centralization dangers of applying OpenID Connect to wallets protocols)

From: Snorre Lothar von Gohren Edwin <snorre@diwala.io>
Date: Sun, 27 Mar 2022 22:33:56 +0200
Message-ID: <CAE8zwO32ctFsJB6bZhbvmEW4r-QW4mvjBugx3h=aBOM=zLYYAw@mail.gmail.com>
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: public-credentials@w3.org
A quick follow up question, chapi cannot work, unless the party doing
issuance or verification adds the polyfill it to their webpage?
Or go via a proxy web page provided by the solution provider for their
issuance or verification software?

Or is it something im missing?
ᐧ

On Sun, Mar 27, 2022 at 9:40 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On 3/23/22 2:32 PM, Oliver Terbu wrote:
> > Another thing I have some trouble getting my head around and since CHAPI
> > was mentioned so often. I think it is quite odd to see CHAPI as the
> > solution to the "centralization issue" -- CHAPI a browser polyfill with
> the
> > promise that it will be implemented by the browser vendors eventually,
> the
> > same "Big Tech" companies people in this thread are worried about.
>
> Even if CHAPI was never implemented by the browser vendors, it could still
> provide a solution for 95%+ of the market. There are additional
> technologies
> like Web Share and Web Share Target that could eventually replace CHAPI
> (in a
> good way). CHAPI is a set of technical strategies to do same-device wallet
> invocation, those strategies have and will continue to change over time
> because browsers change over time.
>
> Just the mere existence of CHAPI demonstrates that NASCAR is a solvable
> problem. That helps program managers inside the browser vendors pitch it to
> their technical teams (art of the possible), and if they can get through
> all
> the internal hurdles to demonstrate that it will be a net positive for
> their
> organization, then it gets implemented.
>
> If the browser vendors choose to not implement it, then it is an example to
> the European Union of one approach to the "consumer choice" problem (that's
> workable) and it becomes a question whether or not regulators should step
> in.
>
> So, yes, CHAPI doesn't presume that the browser vendors will ever
> implement it
> -- we can deploy open wallet ecosystems TODAY with it. CHAPI is also
> nimble in
> that as browser vendors remove and add features, we can adapt to provide
> the
> best UX possible given the technical limitations... finally, if all else
> fails, we can fall back to OIDC-like redirection flows (which are
> problematic
> for all the reasons outlined in the "W3C CCG Wallet Protocol Analysis"
> document. That is, the worst case outcome for CHAPI is what OIDC is doing
> today.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> News: Digital Bazaar Announces New Case Studies (2021)
> https://www.digitalbazaar.com/
>
>
>

-- 

*Snorre Lothar von Gohren Edwin*
Co-Founder & CTO, Diwala
+47 411 611 94
www.diwala.io
<http://www.diwala.io/>
*Stay on top of Diwala news on social media! **Facebook
<https://www.facebook.com/diwalaorg>** / **LinkedIn
<https://www.linkedin.com/company/diwala>** / **Instagram
<https://www.instagram.com/diwala_/>** / **Twitter
<https://twitter.com/Diwala>*
Received on Sunday, 27 March 2022 20:35:20 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 27 March 2022 20:35:21 UTC