Re: Combining Wallets and FIDO2 from Adrian Gropper on 2022-10-02 (public-credentials@w3.org from October 2022)

From: Adrian Gropper <agropper@healthurl.com>
Date: Sun, 2 Oct 2022 17:02:51 -0400
To: W3C Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8g4WhyXL0BQMqxEoFmBkHBuwH1xbqSea0SufLKAyzw5UQ@mail.gmail.com>

Separating the VC management client from the user authentication app would
be useful as VCs can be domain-specific while authenticators are generic.
Generic authenticators include Sign-in with Ethereum
https://eips.ethereum.org/EIPS/eip-4361  What are the candidate protocols
for linking one or more VC management clients to an authenticator like
FIDO2, SIWE, or Microsoft Authenticator?

Adrian

On Sat, Oct 1, 2022 at 12:45 PM Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> On 2022-10-01 15:10, Orie Steele wrote:
> > Very cool.
> >
> > I wonder how long until your Tesla, or your Optimus can be a passkey.
>
> :)
>
> >
> > What's the overlap between CHAPI, mDoc Request API, Web Payments, and
> the existing credential manager APIs?
>
> I'm not able to tell the overlap between all these APIs.  If we stick to
> CHAPI
> https://w3c-ccg.github.io/credential-handler-api/
> the most striking difference is that FWP (Fido Web Pay) is a Web enabled
> system while the actual implementation preferably would rather be a part of
> the client platform.
> In practical terms it means there are no service workers; all code needed
> for a specific wallet function is installed once and vetted by a trusted
> party like the platform vendor.
>
> I may be wrong but this seems to be the only way you can create a shared
> client-side wallet where compatible credentials may be issued by multiple
> and independent issuers.  I.e. like Apple Pay.
>
> I do not see how a CHAPI-based wallet could leverage privileged APIs like
> FIDO2/CTAP2 [*].  CHAPI would rather be dependent on WebAuthn which greatly
> complicates development due to its very specific goals which are hard to
> combine with identity and payments.
>
> Cheers,
> Anders
>
> *] https://github.com/cyberphone/ctap2-sign
>
>
> >
> > OS
> >
> >
> > On Sat, Oct 1, 2022, 1:31 AM Anders Rundgren <
> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>
> wrote:
> >
> >
> https://fido-web-pay.github.io/specification/fido-wallet-a.rundgren.pdf <
> https://fido-web-pay.github.io/specification/fido-wallet-a.rundgren.pdf>
> >
> >     Anders
> >
>
>
>

Received on Sunday, 2 October 2022 21:03:15 UTC