W3C home > Mailing lists > Public > public-credentials@w3.org > March 2022

Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sun, 27 Mar 2022 16:40:09 -0400
To: public-credentials@w3.org
Message-ID: <4ae17c3e-876b-76be-6914-75185635e1e6@digitalbazaar.com>
On 3/24/22 1:37 PM, Oliver Terbu wrote:
> Btw. app links are more secure than custom URL schemes and they are the 
> recommended way of invoking a native app. Interop is not established based
> on the concrete app link, it is established through the
> `authorization_endpoint` config parameter which can be any sort of URL,
> e.g., an app link. There is no issue regarding interop since RPs don't need
> to know the particular app link, just the place where to look for the
> config parameter.

Unless I'm missing something, App Links only work on Android mobile devices to
invoke Android native apps, they don't work for web apps. On iPhone, universal
links are hobbled outside of Safari (just like you can't install a PWA through
Chrome on iPhone).

So, they would be a solution if your wallet was a native app on the same
mobile device (Android or iPhone), but they are NOT a solution if your wallet
is a web app on the same device... or if you are on a non-Android or
non-iPhone device -- like a Windows laptop/workstation.

What am I missing? Is there some universal implementation of App Link /
Universal Links across all operating systems that I'm unaware of?

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/
Received on Sunday, 27 March 2022 20:40:25 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 27 March 2022 20:40:26 UTC