- From: Wayne Chang <wayne@spruceid.com>
- Date: Tue, 29 Nov 2022 10:51:40 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CAFTzAXh+nkm=FLBrkDrpbgK0kLfPuwFygwfKZawMObFyep2YSA@mail.gmail.com>
Alternate take: there are not enough combatants for war, and this is just the beginning of the wallet ecosystem's blooming, where many wallets get built, catering to different use cases and workflows, specializing in particular tasks to ensure great UX for their respective use cases. The wallet that lets you unlock your car may be a different brand and experience than the one you use to board your flight, which again may be different than the one you use to transfer your educational credentials--and I think this is a good thing. "Super apps" that aim to encompass all use cases will likely demonstrate subpar performance/UX across the board, and it will be hard for them to be competitive in the market except under mandate, and even under mandate they would leave tons of consumer benefits on the table, abandoning the benefits of specialization that competitive markets can bring.

This brings us to the importance of interoperability and standardization across wallets, so that your physical device only needs to keep one copy of a credential in a security-appropriate manner, yet this credential can appear across many workflows that don't require you to clumsily pick through your towering stack of credentials, as if you were in regedit hell, when you're just trying to check in to your hotel room at 11 pm. The hotel brand's wallet could help you present your proof of identification (selectively to only the threshold required), confirmation details, deposit authorization, relevant partner loyalty programs, with a single tap and your consent to share. Nothing to clutter the UX except what you needed to check-in for that hotel, and if you already obtained a credential you needed for this workflow (such as your driver's license from the DMV), then it should just work without onerous and privacy-eroding reissuance processes.

These wallets could all be built with a compatible set of data models, issuance protocols, presentation protocols. They could all support a baseline of security and privacy requirements, perhaps with different grades required for more sensitive credentials such as those related to strong identity (your digital passport may require different storage environments and security features such as holder binding than does your grocery store membership card). Perhaps when you present credentials from any wallet of certain trust frameworks, you receive a data receipt from verifiers in a standard format allowing you to exercise your data rights automatically and assess your complete inventory of "leased" data whenever you want.

Data models and protocols will win and lose, and I think we've all accepted that there will be several valid ones supported by the market. To the user, it shouldn't matter, and wallets should work out of the box for their use case whether they are entering a bar, transferring credits to their next school, or applying for a job, and it should be done in a way that does not violate their expectations of privacy, security, or ecosystem lock-in.

All this needs specifications and standards, and that's why the work of this community is so critical, to allow a multi-wallet world that enshrines user choice to be a feasible path (shoutout to early efforts such as Universal Wallet 2020, CHAPI, SIOP, and emerging ones like the forthcoming FIDO Alliance work discussed at this past IIW).

Best,
- Wayne

On Tue, Nov 29, 2022 at 3:34 AM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> The war of the wallets seems to be imminent:
> https://eudiwalletconsortium.org/
> 👉 Using the EUDI wallet for payments will be a major step forward in
> facilitating secure eCommerce for all parties 👈
>
> Anders

Received on Tuesday, 29 November 2022 18:52:37 UTC