W3C home > Mailing lists > Public > public-credentials@w3.org > September 2022

Re: Open Wallet Foundation

From: Daniel Buchner <dbuchner@squareup.com>
Date: Tue, 20 Sep 2022 06:13:32 -0500
Message-ID: <CAMZRv4c_5vsCxAfShtk60r5Lu1Uhzr3gG4WMsP8oR=R2WMoUuQ@mail.gmail.com>
To: Daniel Goldscheider <daniel@goldscheider.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>, Todd Benzies <tbenzies@linuxfoundation.org>
> We have regular calls on Wednesday (Max was invited) and a few of the
> people met at OSS in Dublin.

Max is counsel for IP/patent activities outside our business unit, so those
of us who determine/build things for wallets, identity, etc. were never
were aware of this (and Max may not have even known what to do with the

Daniel, there is no conspiracy here. You are more than welcome to join the
> mailing list.

When did I claim anything was a conspiracy? I specifically took care to
note that I wasn't assuming anything of the sort, but did want to convey my
reasonable concerns about the timing, progression, and implications of
rather immediate selection of a stack by the group of internal architects
you mentioned. I assure you (as others would attest) if I believed anything
purposefully malicious was going on I wouldn't mince words.

Todd (cc) will be happy to add you and anyone else here who is interested.

Thank you, I appreciate that.

- Daniel

> On 20 Sep 2022, at 12:44, Daniel Buchner <dbuchner@squareup.com> wrote:
> "No, the discussion has only started. I’m not an architect so I’m not part
> of the group but hope we will end up with a solid basis for multi format,
> multi protocol wallets, which allows implementers to select the best
> technical basis for their use cases."
> ^ Who are the architects that make up this smaller internal group - can
> you list them, or is that something you can't divulge? Are they hosting
> their selection discussions in public, given they're not generating specs
> and the IPR concerns should be dramatically reduced or eliminated?
> (assuming it's accurate that no new ones are being created)
> - Daniel
> On Tue, Sep 20, 2022, 4:55 AM Daniel Goldscheider <daniel@goldscheider.com>
> wrote:
>> Hi Daniel,
>> Am I reading right that you're already into assembly of a specific stack
>> of select components you're picking rather immediately after announcement
>> of the org?
>> No, the discussion has only started. I’m not an architect so I’m not part
>> of the group but hope we will end up with a solid basis for multi format,
>> multi protocol wallets, which allows implementers to select the best
>> technical basis for their use cases.
>> May I ask how one can be at this stage so soon after announcing the org
>> without having a somewhat preconceived set of components in mind?
>> See above
>> At Block we're curious as to why we may have been excluded from such
>> formative discussions that apparently are already at the stage of component
>> decision, so I'm trying to read the tea leaves a bit here. I guess I'd
>> typically expect a group to reach out very broadly, certainly to big
>> players in the space, before this point, especially given your indication
>> that choices are underway.
>> Max Sills is on the mailing list. I have reached out to him on Aug 16 and
>> introduced myself. When I saw your email to this group on Sep 6 I replied
>> to as well in the hopes to engage directly. I would *love* for you and
>> Block to be involved in the discussions.
>> Are you going to be open to readjudicating these choices as folks
>> actually have a chance to engage and evaluate them, or are you picking a
>> stack now with the intent that anyone beyond the 'in group' who formed the
>> org needs to snap to whatever you selected beforehand?
>> This initiative started in June with me getting a few friends together at
>> Money20/20. I was overwhelmed by the interest and it grew to over 100
>> people taking part in the discussions.
>> The reason we used the OSS in Dublin to announce only the intent to form
>> the OpenWallet Foundation is to give everyone a chance to join as a
>> founding member.
>> Sorry if the questions I'm posing here are awkward to address, I'm just
>> asking based on the perception I have from our vantage given the
>> circumstance.
>> I’m all for honest conversations and to call a spade a spade. In this
>> case, I believe you will see that your fears are unfounded.
>> All the best,
>> Daniel
>> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider <
>> daniel@goldscheider.com> wrote:
>>> Good morning everyone,
>>> I hope it’s not a breach of netiquette to answer the entire list.
>>> The aim is to create an open source core that contains many components
>>> like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc.
>>> OWF will not create new standards and won’t publish its own wallet.
>>> A lot of companies are involved in the discussions including four credit
>>> card schemes and Microsoft.
>>> We are currently discussing what protocols to start with and how the
>>> wallet is invoked. If anyone here is interested to weigh in, please email
>>> info@openwallet.foundation or me.
>>> Have a nice weekend,
>>> Daniel
>>> > On 17 Sep 2022, at 06:47, Anders Rundgren <
>>> anders.rundgren.net@gmail.com> wrote:
>>> > 
>>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
>>> >
>>> > The merits of this proposal is yet to be seen but presumably it builds
>>> on that the wallet is a part of the native platform.  This is IMO also the
>>> only solution that can be certified.
>>> >
>>> > Personally, I would though build a wallet around FIDO.   The recent
>>> additions to FIDO and its companion standard WebAuthn are simply put
>>> unrealistic to copy.
>>> >
>>> > That using FIDO results in signature schemes that doesn't map directly
>>> to JOSE and COSE is a no-issue compared to the rest. I have succeed using
>>> raw FIDO signatures for payment authorizations with almost no effort at
>>> all: https://github.com/cyberphone/ctap2-sign
>>> >
>>> > Using FIDO (not WebAuthn) a wallet function would constitute of
>>> >     Standard FIDO Key + Custom Meta Data + Custom Process
>>> > where the Custom Meta Data also holds a handle (credentialId) to the
>>> associated FIDO key.
>>> >
>>> > However, the problem I have been struggling with like forever remains:
>>> the proper way of invoking a native wallet from the Web [*].  Another issue
>>> which apparently nobody is dealing with, is how to invoke a wallet in the
>>> physical world.  Although QR codes work, but they are way less useful than
>>> Apple Pay with NFC.  This topic may be out of scope for the W3C but in the
>>> same way as with payments, the market doesn't care :)
>>> >
>>> > Cheers,
>>> > Anders
>>> >
>>> >
>>> > *] Due to the browser tech monopoly, browser innovation is effectively
>>> limited to Google and Apple.  Well, Microsoft could play another role since
>>> they have discontinued their Microsoft Wallet.
Received on Tuesday, 20 September 2022 11:13:58 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 20 September 2022 11:13:59 UTC