- From: Orie Steele <orie@transmute.industries>
- Date: Tue, 20 Sep 2022 08:22:21 -0500
- To: Daniel Goldscheider <daniel@goldscheider.com>
- Cc: Daniel Buchner <dbuchner@squareup.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>, Todd Benzies <tbenzies@linuxfoundation.org>
- Message-ID: <CAN8C-_Lkze_vsx8=n_3xosEkhfBCA8YkTiOy02RcP2uvRm68JQ@mail.gmail.com>
For the record, I'm an "architect" engaged in the work at OWF. I'm also in several other LF organizations and slacks including DIF, CCC and OpenSSF, among others. There is some overlap with the DIF Wallet security work, I'm happy to keep those communities connected to some degree. Obviously we are having this conversation on a W3C mailing list, where I am also active. I'm confident that we can keep things aligned, and you can count on me to point out risks very publicly if I see something harmful emerging. I don't think there is any cause for concern right now, other than ensuring that OWF has enough stakeholders to lift off in a way that is useful. Regards, OS On Tue, Sep 20, 2022 at 6:23 AM Daniel Goldscheider <daniel@goldscheider.com> wrote: > I didn’t mean to suggest that Max was the right person, only that we’ve > made a deliberate effort to include Block. We realize that we can’t > possibly approach anyone who could meaningfully contribute. That’s why we > publicly announced our plans to launch in the hopes that interested parties > will hear about it and be there from the beginning. > > > > > On 20 Sep 2022, at 13:13, Daniel Buchner <dbuchner@squareup.com> wrote: > > > > We have regular calls on Wednesday (Max was invited) and a few of the >> people met at OSS in Dublin. >> > > Max is counsel for IP/patent activities outside our business unit, so > those of us who determine/build things for wallets, identity, etc. were > never were aware of this (and Max may not have even known what to do with > the info). > > Daniel, there is no conspiracy here. You are more than welcome to join the >> mailing list. >> > > When did I claim anything was a conspiracy? I specifically took care to > note that I wasn't assuming anything of the sort, but did want to convey my > reasonable concerns about the timing, progression, and implications of > rather immediate selection of a stack by the group of internal architects > you mentioned. I assure you (as others would attest) if I believed anything > purposefully malicious was going on I wouldn't mince words. > > Todd (cc) will be happy to add you and anyone else here who is interested. >> > > Thank you, I appreciate that. > > - Daniel > >> On 20 Sep 2022, at 12:44, Daniel Buchner <dbuchner@squareup.com> wrote: >> >> >> "No, the discussion has only started. I’m not an architect so I’m not >> part of the group but hope we will end up with a solid basis for multi >> format, multi protocol wallets, which allows implementers to select the >> best technical basis for their use cases." >> >> ^ Who are the architects that make up this smaller internal group - can >> you list them, or is that something you can't divulge? Are they hosting >> their selection discussions in public, given they're not generating specs >> and the IPR concerns should be dramatically reduced or eliminated? >> (assuming it's accurate that no new ones are being created) >> >> - Daniel >> >> On Tue, Sep 20, 2022, 4:55 AM Daniel Goldscheider < >> daniel@goldscheider.com> wrote: >> >>> Hi Daniel, >>> >>> Am I reading right that you're already into assembly of a specific stack >>> of select components you're picking rather immediately after announcement >>> of the org? >>> >>> No, the discussion has only started. I’m not an architect so I’m not >>> part of the group but hope we will end up with a solid basis for multi >>> format, multi protocol wallets, which allows implementers to select the >>> best technical basis for their use cases. >>> >>> May I ask how one can be at this stage so soon after announcing the org >>> without having a somewhat preconceived set of components in mind? >>> >>> See above >>> >>> At Block we're curious as to why we may have been excluded from such >>> formative discussions that apparently are already at the stage of component >>> decision, so I'm trying to read the tea leaves a bit here. I guess I'd >>> typically expect a group to reach out very broadly, certainly to big >>> players in the space, before this point, especially given your indication >>> that choices are underway. >>> >>> Max Sills is on the mailing list. I have reached out to him on Aug 16 >>> and introduced myself. When I saw your email to this group on Sep 6 I >>> replied to as well in the hopes to engage directly. I would *love* for you >>> and Block to be involved in the discussions. >>> >>> Are you going to be open to readjudicating these choices as folks >>> actually have a chance to engage and evaluate them, or are you picking a >>> stack now with the intent that anyone beyond the 'in group' who formed the >>> org needs to snap to whatever you selected beforehand? >>> >>> This initiative started in June with me getting a few friends together >>> at Money20/20. I was overwhelmed by the interest and it grew to over 100 >>> people taking part in the discussions. >>> >>> The reason we used the OSS in Dublin to announce only the intent to form >>> the OpenWallet Foundation is to give everyone a chance to join as a >>> founding member. >>> >>> Sorry if the questions I'm posing here are awkward to address, I'm just >>> asking based on the perception I have from our vantage given the >>> circumstance. >>> >>> I’m all for honest conversations and to call a spade a spade. In this >>> case, I believe you will see that your fears are unfounded. >>> >>> All the best, >>> Daniel >>> >>> >>> >>> >>> >>> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider < >>> daniel@goldscheider.com> wrote: >>> >>>> Good morning everyone, >>>> >>>> I hope it’s not a breach of netiquette to answer the entire list. >>>> >>>> The aim is to create an open source core that contains many components >>>> like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc. >>>> >>>> OWF will not create new standards and won’t publish its own wallet. >>>> >>>> A lot of companies are involved in the discussions including four >>>> credit card schemes and Microsoft. >>>> >>>> We are currently discussing what protocols to start with and how the >>>> wallet is invoked. If anyone here is interested to weigh in, please email >>>> info@openwallet.foundation or me. >>>> >>>> Have a nice weekend, >>>> >>>> Daniel >>>> >>>> >>>> >>>> > On 17 Sep 2022, at 06:47, Anders Rundgren < >>>> anders.rundgren.net@gmail.com> wrote: >>>> > >>>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation >>>> > >>>> > The merits of this proposal is yet to be seen but presumably it >>>> builds on that the wallet is a part of the native platform. This is IMO >>>> also the only solution that can be certified. >>>> > >>>> > Personally, I would though build a wallet around FIDO. The recent >>>> additions to FIDO and its companion standard WebAuthn are simply put >>>> unrealistic to copy. >>>> > >>>> > That using FIDO results in signature schemes that doesn't map >>>> directly to JOSE and COSE is a no-issue compared to the rest. I have >>>> succeed using raw FIDO signatures for payment authorizations with almost no >>>> effort at all: https://github.com/cyberphone/ctap2-sign >>>> > >>>> > Using FIDO (not WebAuthn) a wallet function would constitute of >>>> > Standard FIDO Key + Custom Meta Data + Custom Process >>>> > where the Custom Meta Data also holds a handle (credentialId) to the >>>> associated FIDO key. >>>> > >>>> > However, the problem I have been struggling with like forever >>>> remains: the proper way of invoking a native wallet from the Web [*]. >>>> Another issue which apparently nobody is dealing with, is how to invoke a >>>> wallet in the physical world. Although QR codes work, but they are way >>>> less useful than Apple Pay with NFC. This topic may be out of scope for >>>> the W3C but in the same way as with payments, the market doesn't care :) >>>> > >>>> > Cheers, >>>> > Anders >>>> > >>>> > >>>> > *] Due to the browser tech monopoly, browser innovation is >>>> effectively limited to Google and Apple. Well, Microsoft could play >>>> another role since they have discontinued their Microsoft Wallet. >>>> >>>> >>>> -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Tuesday, 20 September 2022 13:22:46 UTC