Re: Web-NFC. Was: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT]) from Caspar Roelofs on 2022-03-31 (public-credentials@w3.org from March 2022)

From: Caspar Roelofs <caspar@gimly.io>
Date: Thu, 31 Mar 2022 15:45:09 +0000
To: Orie Steele <orie@transmute.industries>, Anders Rundgren <anders.rundgren.net@gmail.com>
CC: Credentials Community Group <public-credentials@w3.org>, Dev Team <dev@gimly.io>
Message-ID: <AM0P189MB0625B8EEB9E53764331B62BCB6E19@AM0P189MB0625.EURP189.PROD.OUTLOOK.COM>

Hi Orie, Anders,

We are currently working on our SSI-NFC bridge for both desktop terminal and mobile phone in the ESSIF-lab program. We’re also starting out with the Tangem cards mentioned by Orie, aiming to make the bridge more vendor-independent in future releases. Currently not too much to share, but for an idea check out:

  *   https://github.com/Gimly-Blockchain/nfc-ssi-bridge-deliverables/blob/master/functional-specification/overview.md
  *   https://github.com/Gimly-Blockchain/gimly-ssi-card-terminal

Of course, this is different from using the Mobile NFC as anders proposes in the sequence diagram (https://github.com/w3c/web-nfc/issues/140). If anyone is interested to discuss how our project might align with your visions, we would gladly setup a call.

Bests,
Caspar

--
Caspar Roelofs
Gimly Projects and Partnerships
Amsterdam, the Netherlands
     [A picture containing background pattern  Description automatically generated]

Gimly.io<http://www.gimly.io/> | Medium<https://medium.com/@GimlyBlockchain> | LinkedIn<https://www.linkedin.com/company/gimly-blockchain> | Twitter<https://twitter.com/gimly_io>

From: Orie Steele <orie@transmute.industries>
Date: Monday, 21 March 2022 at 13:48
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Credentials Community Group <public-credentials@w3.org>
Subject: Re: Web-NFC. Was: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])
Although the firmware is proprietary, if WebNFC supported APDU, these crypto currency wallet NFC Cards would almost give you what you want.

https://tangem.com/en/

I have tested them in "Kiosk" setups and they allow for vanilla EdDSA or ES256K from hardware isolated keys.

Unfortunately, you need a regular card reader to interact with them, because web nfc does not expose the APDU interface.

So they pair their solution with a Native App.

I wouldn't say it's "too late"... there are currently 0 registered standard payment method identifiers: https://www.w3.org/TR/payment-method-id/#registry

It does seem like somehow the folks who needed to be in the same room to make this happen got spread across different WGs.

OS

On Mon, Mar 21, 2022 at 7:21 AM Anders Rundgren <anders.rundgren.net@gmail.com<mailto:anders.rundgren.net@gmail.com>> wrote:
On 2022-03-21 13:13, Orie Steele wrote:
> I'm not sure what exactly the proposal is.
>
> NDEF Tags and QR Codes can contain URLs which can then be used to invoke applications.
>
> Are you hoping for more general purpose NFC APIs that are not limited to mobile browsers?

Hi Orie,

Since the boat has sailed I'm not really hoping on anything :(

The idea is pretty well described in this GitHub issue: https://github.com/w3c/web-nfc/issues/140

Thanx,
Anders

>
> OS
>
> On Sat, Mar 19, 2022 at 1:52 AM Anders Rundgren <anders.rundgren.net@gmail.com<mailto:anders.rundgren.net@gmail.com> <mailto:anders.rundgren.net@gmail.com<mailto:anders.rundgren.net@gmail.com>>> wrote:
>
>     Since the original topic is extremely large, I take the liberty focusing on a related item which I have been actively involved in.
>
>     Google and Intel have created an API that makes it possible reading and writing certain types of RFID tags from a mobile browser.  That's fine but this use case is already supported by much more powerful native apps.
>
>     I claimed early on (and to no avail), that mobile devices (phones) with native apps interacting with Web pages running in desktop computers have lots of already established applications that could benefit from a better solution.
>
>     The current solution to this generic use case are QR codes which require you to manually start a specific application, alternatively provide some private information which can be used for Web push.
>
>     Since QR codes do not provide the security context of the Web page, this solution is susceptible to phishing.
>
>
>     The only people outside of Google and Intel who have been visible in this activity are RFID vendors.  The payment industry were not there.  The same goes for the identity folks.
>
>     I would like to restart this activity but not alone.  Getting NFC back in PCs will not happen overnight, if ever.
>
>     Thanx,
>     Anders
>     https://github.com/w3c/web-nfc/issues/128 <https://github.com/w3c/web-nfc/issues/128>
>
>
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>
> <https://www.transmute.industries>

--
ORIE STEELE
Chief Technical Officer
www.transmute.industries

[Image removed by sender.]<https://www.transmute.industries/>

Attachments

image/png attachment: image001.png

Received on Thursday, 31 March 2022 16:01:16 UTC