Re: Open Wallet Foundation from Daniel Goldscheider on 2022-09-17 (public-credentials@w3.org from September 2022)

From: Daniel Goldscheider <daniel@goldscheider.com>
Date: Sat, 17 Sep 2022 07:46:27 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: W3C Credentials Community Group <public-credentials@w3.org>
Message-Id: <FB28A7D2-E592-4995-8FA9-1E2AFA8548AC@goldscheider.com>

Good morning everyone,

I hope it’s not a breach of netiquette to answer the entire list.

The aim is to create an open source core that contains many components like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc.

OWF will not create new standards and won’t publish its own wallet. 

A lot of companies are involved in the discussions including four credit card schemes and Microsoft. 

We are currently discussing what protocols to start with and how the wallet is invoked. If anyone here is interested to weigh in, please email info@openwallet.foundation or me. 

Have a nice weekend,

Daniel



> On 17 Sep 2022, at 06:47, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
> 
> The merits of this proposal is yet to be seen but presumably it builds on that the wallet is a part of the native platform.  This is IMO also the only solution that can be certified.
> 
> Personally, I would though build a wallet around FIDO.   The recent additions to FIDO and its companion standard WebAuthn are simply put unrealistic to copy.
> 
> That using FIDO results in signature schemes that doesn't map directly to JOSE and COSE is a no-issue compared to the rest. I have succeed using raw FIDO signatures for payment authorizations with almost no effort at all: https://github.com/cyberphone/ctap2-sign
> 
> Using FIDO (not WebAuthn) a wallet function would constitute of
>     Standard FIDO Key + Custom Meta Data + Custom Process
> where the Custom Meta Data also holds a handle (credentialId) to the associated FIDO key.
> 
> However, the problem I have been struggling with like forever remains: the proper way of invoking a native wallet from the Web [*].  Another issue which apparently nobody is dealing with, is how to invoke a wallet in the physical world.  Although QR codes work, but they are way less useful than Apple Pay with NFC.  This topic may be out of scope for the W3C but in the same way as with payments, the market doesn't care :)
> 
> Cheers,
> Anders
> 
> 
> *] Due to the browser tech monopoly, browser innovation is effectively limited to Google and Apple.  Well, Microsoft could play another role since they have discontinued their Microsoft Wallet.

Received on Tuesday, 20 September 2022 07:40:08 UTC