- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 17 Sep 2022 06:44:24 +0200
- To: W3C Credentials Community Group <public-credentials@w3.org>
https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
The merits of this proposal is yet to be seen but presumably it builds on that the wallet is a part of the native platform. This is IMO also the only solution that can be certified.
Personally, I would though build a wallet around FIDO. The recent additions to FIDO and its companion standard WebAuthn are simply put unrealistic to copy.
That using FIDO results in signature schemes that doesn't map directly to JOSE and COSE is a no-issue compared to the rest. I have succeed using raw FIDO signatures for payment authorizations with almost no effort at all: https://github.com/cyberphone/ctap2-sign
Using FIDO (not WebAuthn) a wallet function would constitute of
Standard FIDO Key + Custom Meta Data + Custom Process
where the Custom Meta Data also holds a handle (credentialId) to the associated FIDO key.
However, the problem I have been struggling with like forever remains: the proper way of invoking a native wallet from the Web [*]. Another issue which apparently nobody is dealing with, is how to invoke a wallet in the physical world. Although QR codes work, but they are way less useful than Apple Pay with NFC. This topic may be out of scope for the W3C but in the same way as with payments, the market doesn't care :)
Cheers,
Anders
*] Due to the browser tech monopoly, browser innovation is effectively limited to Google and Apple. Well, Microsoft could play another role since they have discontinued their Microsoft Wallet.
Received on Saturday, 17 September 2022 04:44:37 UTC