Re: Combining Wallets and FIDO2

On 2022-10-01 15:10, Orie Steele wrote:
> Very cool.
> 
> I wonder how long until your Tesla, or your Optimus can be a passkey.

:)

> 
> What's the overlap between CHAPI, mDoc Request API, Web Payments, and the existing credential manager APIs?

I'm not able to tell the overlap between all these APIs.  If we stick to CHAPI
https://w3c-ccg.github.io/credential-handler-api/
the most striking difference is that FWP (Fido Web Pay) is a Web-enabled system while the actual implementation preferably would rather be a part of the client platform.
In practical terms it means there are no service workers; all code needed for a specific wallet function is installed once and vetted by a trusted party like the platform vendor.

I may be wrong but this seems to be the only way you can create a shared client-side wallet where compatible credentials may be issued by multiple and independent issuers.  I.e. like Apple Pay.

I do not see how a CHAPI-based wallet could leverage privileged APIs like FIDO2/CTAP2 [*].  CHAPI would rather be dependent on WebAuthn which greatly complicates development due to its very specific goals which are hard to combine with identity and payments.

Cheers,
Anders

[*] https://github.com/cyberphone/ctap2-sign


> 
> OS
> 
> 
> On Sat, Oct 1, 2022, 1:31 AM Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
>     https://fido-web-pay.github.io/specification/fido-wallet-a.rundgren.pdf
> 
>     Anders
> 

Received on Saturday, 1 October 2022 16:42:35 UTC