W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Re: Open Wallet Foundation

From: Daniel Buchner <dbuchner@squareup.com>
Date: Tue, 20 Sep 2022 05:44:19 -0500
Message-ID: <CAMZRv4dBLNEaqA2dffSsTv2hsxSNEYtvWS3qQbPL7U79TvCnkA@mail.gmail.com>
To: Daniel Goldscheider <daniel@goldscheider.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>
"No, the discussion has only started. I’m not an architect so I’m not part
of the group but hope we will end up with a solid basis for multi format,
multi protocol wallets, which allows implementers to select the best
technical basis for their use cases."

^ Who are the architects that make up this smaller internal group - can you
list them, or is that something you can't divulge? Are they hosting their
selection discussions in public, given they're not generating specs and the
IPR concerns should be dramatically reduced or eliminated? (assuming it's
accurate that no new ones are being created)

- Daniel

On Tue, Sep 20, 2022, 4:55 AM Daniel Goldscheider <daniel@goldscheider.com>

> Hi Daniel,
> Am I reading right that you're already into assembly of a specific stack
> of select components you're picking rather immediately after announcement
> of the org?
> No, the discussion has only started. I’m not an architect so I’m not part
> of the group but hope we will end up with a solid basis for multi format,
> multi protocol wallets, which allows implementers to select the best
> technical basis for their use cases.
> May I ask how one can be at this stage so soon after announcing the org
> without having a somewhat preconceived set of components in mind?
> See above
> At Block we're curious as to why we may have been excluded from such
> formative discussions that apparently are already at the stage of component
> decision, so I'm trying to read the tea leaves a bit here. I guess I'd
> typically expect a group to reach out very broadly, certainly to big
> players in the space, before this point, especially given your indication
> that choices are underway.
> Max Sills is on the mailing list. I have reached out to him on Aug 16 and
> introduced myself. When I saw your email to this group on Sep 6 I replied
> to as well in the hopes to engage directly. I would *love* for you and
> Block to be involved in the discussions.
> Are you going to be open to readjudicating these choices as folks actually
> have a chance to engage and evaluate them, or are you picking a stack now
> with the intent that anyone beyond the 'in group' who formed the org needs
> to snap to whatever you selected beforehand?
> This initiative started in June with me getting a few friends together at
> Money20/20. I was overwhelmed by the interest and it grew to over 100
> people taking part in the discussions.
> The reason we used the OSS in Dublin to announce only the intent to form
> the OpenWallet Foundation is to give everyone a chance to join as a
> founding member.
> Sorry if the questions I'm posing here are awkward to address, I'm just
> asking based on the perception I have from our vantage given the
> circumstance.
> I’m all for honest conversations and to call a spade a spade. In this
> case, I believe you will see that your fears are unfounded.
> All the best,
> Daniel
> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider <daniel@goldscheider.com>
> wrote:
>> Good morning everyone,
>> I hope it’s not a breach of netiquette to answer the entire list.
>> The aim is to create an open source core that contains many components
>> like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc.
>> OWF will not create new standards and won’t publish its own wallet.
>> A lot of companies are involved in the discussions including four credit
>> card schemes and Microsoft.
>> We are currently discussing what protocols to start with and how the
>> wallet is invoked. If anyone here is interested to weigh in, please email
>> info@openwallet.foundation or me.
>> Have a nice weekend,
>> Daniel
>> > On 17 Sep 2022, at 06:47, Anders Rundgren <
>> anders.rundgren.net@gmail.com> wrote:
>> > 
>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
>> >
>> > The merits of this proposal is yet to be seen but presumably it builds
>> on that the wallet is a part of the native platform.  This is IMO also the
>> only solution that can be certified.
>> >
>> > Personally, I would though build a wallet around FIDO.   The recent
>> additions to FIDO and its companion standard WebAuthn are simply put
>> unrealistic to copy.
>> >
>> > That using FIDO results in signature schemes that doesn't map directly
>> to JOSE and COSE is a no-issue compared to the rest. I have succeed using
>> raw FIDO signatures for payment authorizations with almost no effort at
>> all: https://github.com/cyberphone/ctap2-sign
>> >
>> > Using FIDO (not WebAuthn) a wallet function would constitute of
>> >     Standard FIDO Key + Custom Meta Data + Custom Process
>> > where the Custom Meta Data also holds a handle (credentialId) to the
>> associated FIDO key.
>> >
>> > However, the problem I have been struggling with like forever remains:
>> the proper way of invoking a native wallet from the Web [*].  Another issue
>> which apparently nobody is dealing with, is how to invoke a wallet in the
>> physical world.  Although QR codes work, but they are way less useful than
>> Apple Pay with NFC.  This topic may be out of scope for the W3C but in the
>> same way as with payments, the market doesn't care :)
>> >
>> > Cheers,
>> > Anders
>> >
>> >
>> > *] Due to the browser tech monopoly, browser innovation is effectively
>> limited to Google and Apple.  Well, Microsoft could play another role since
>> they have discontinued their Microsoft Wallet.
Received on Tuesday, 20 September 2022 10:44:47 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 20 September 2022 10:44:48 UTC