W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Re: Open Wallet Foundation

From: Daniel Buchner <dbuchner@squareup.com>
Date: Tue, 20 Sep 2022 05:01:48 -0500
Message-ID: <CAMZRv4cmP2ThLvnKXAaWDkrBf3AWw3a-=E-Szcj5n80yCujS8A@mail.gmail.com>
To: Kaliya Identity Woman <kaliya@identitywoman.net>
Cc: Daniel Goldscheider <daniel@goldscheider.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
Hey Kaliya, sure, happy to connect with you and the folks you alluded to.
However, I do want Other Daniel to answer the questions I asked for the
benefit of everyone here, because the way this is being pushed out is a
significant concern for anyone who reads that component selection is
underway days after an announcement of an org they were not looped into
beforehand. I am not accusing anyone of anything, I'm just noting the
obvious 'bang bang' nature of this and wondering what I am supposed to
think, do, and take away from it.

- This Daniel

On Tue, Sep 20, 2022, 4:50 AM Kaliya Identity Woman <
kaliya@identitywoman.net> wrote:

> It isn’t “mine” but I know the people working on it.
>
> Do you want to be connected?
>
>
>
> Sent from my iPhone
>
> On Sep 20, 2022, at 10:39 AM, Daniel Buchner <dbuchner@squareup.com>
> wrote:
>
> 
> Hello Daniel 1,
>
> Am I reading right that you're already into assembly of a specific stack
> of select components you're picking rather immediately after announcement
> of the org? May I ask how one can be at this stage so soon after announcing
> the org without having a somewhat preconceived set of components in mind?
>
> At Block we're curious as to why we may have been excluded from such
> formative discussions that apparently are already at the stage of component
> decision, so I'm trying to read the tea leaves a bit here. I guess I'd
> typically expect a group to reach out very broadly, certainly to big
> players in the space, before this point, especially given your indication
> that choices are underway.
>
> Are you going to be open to readjudicating these choices as folks actually
> have a chance to engage and evaluate them, or are you picking a stack now
> with the intent that anyone beyond the 'in group' who formed the org needs
> to snap to whatever you selected beforehand?
>
> Sorry if the questions I'm posing here are awkward to address, I'm just
> asking based on the perception I have from our vantage given the
> circumstance.
>
> - Daniel 2
>
> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider <daniel@goldscheider.com>
> wrote:
>
>> Good morning everyone,
>>
>> I hope it’s not a breach of netiquette to answer the entire list.
>>
>> The aim is to create an open source core that contains many components
>> like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc.
>>
>> OWF will not create new standards and won’t publish its own wallet.
>>
>> A lot of companies are involved in the discussions including four credit
>> card schemes and Microsoft.
>>
>> We are currently discussing what protocols to start with and how the
>> wallet is invoked. If anyone here is interested to weigh in, please email
>> info@openwallet.foundation or me.
>>
>> Have a nice weekend,
>>
>> Daniel
>>
>>
>>
>> > On 17 Sep 2022, at 06:47, Anders Rundgren <
>> anders.rundgren.net@gmail.com> wrote:
>> > 
>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
>> >
>> > The merits of this proposal is yet to be seen but presumably it builds
>> on that the wallet is a part of the native platform.  This is IMO also the
>> only solution that can be certified.
>> >
>> > Personally, I would though build a wallet around FIDO.   The recent
>> additions to FIDO and its companion standard WebAuthn are simply put
>> unrealistic to copy.
>> >
>> > That using FIDO results in signature schemes that doesn't map directly
>> to JOSE and COSE is a no-issue compared to the rest. I have succeed using
>> raw FIDO signatures for payment authorizations with almost no effort at
>> all: https://github.com/cyberphone/ctap2-sign
>> >
>> > Using FIDO (not WebAuthn) a wallet function would constitute of
>> >     Standard FIDO Key + Custom Meta Data + Custom Process
>> > where the Custom Meta Data also holds a handle (credentialId) to the
>> associated FIDO key.
>> >
>> > However, the problem I have been struggling with like forever remains:
>> the proper way of invoking a native wallet from the Web [*].  Another issue
>> which apparently nobody is dealing with, is how to invoke a wallet in the
>> physical world.  Although QR codes work, but they are way less useful than
>> Apple Pay with NFC.  This topic may be out of scope for the W3C but in the
>> same way as with payments, the market doesn't care :)
>> >
>> > Cheers,
>> > Anders
>> >
>> >
>> > *] Due to the browser tech monopoly, browser innovation is effectively
>> limited to Google and Apple.  Well, Microsoft could play another role since
>> they have discontinued their Microsoft Wallet.
>>
>>
>>
Received on Tuesday, 20 September 2022 10:02:15 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 20 September 2022 10:02:16 UTC