
Re: Open Wallet Foundation

From: Mike Prorock <mprorock@mesur.io>
Date: Tue, 20 Sep 2022 09:28:08 -0400
Message-ID: <CAGJKSNTOS3iqsAnK7AORVE4G2x=QWjanVzPJdwfSLqoFtpVjGw@mail.gmail.com>
To: Orie Steele <orie@transmute.industries>
Cc: Daniel Goldscheider <daniel@goldscheider.com>, Daniel Buchner <dbuchner@squareup.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>, Todd Benzies <tbenzies@linuxfoundation.org>
+1 Orie

Mike Prorock
CTO, Founder
https://mesur.io/



On Tue, Sep 20, 2022 at 9:25 AM Orie Steele <orie@transmute.industries>
wrote:

> For the record, I'm an "architect" engaged in the work at OWF.
>
> I'm also in several other LF organizations and slacks including DIF, CCC
> and OpenSSF, among others.
>
> There is some overlap with the DIF Wallet security work, I'm happy to keep
> those communities connected to some degree.
>
> Obviously we are having this conversation on a W3C mailing list, where I
> am also active.
>
> I'm confident that we can keep things aligned, and you can count on me to
> point out risks very publicly if I see something harmful emerging.
>
> I don't think there is any cause for concern right now, other than
> ensuring that OWF has enough stakeholders to lift off in a way that is
> useful.
>
> Regards,
>
> OS
>
>
> On Tue, Sep 20, 2022 at 6:23 AM Daniel Goldscheider <
> daniel@goldscheider.com> wrote:
>
>> I didn’t mean to suggest that Max was the right person, only that we’ve
>> made a deliberate effort to include Block. We realize that we can’t
>> possibly approach anyone who could meaningfully contribute. That’s why we
>> publicly announced our plans to launch in the hopes that interested parties
>> will hear about it and be there from the beginning.
>>
>>
>>
>>
>> On 20 Sep 2022, at 13:13, Daniel Buchner <dbuchner@squareup.com> wrote:
>>
>>
>> We have regular calls on Wednesday (Max was invited) and a few of the
>>> people met at OSS in Dublin.
>>>
>>
>> Max is counsel for IP/patent activities outside our business unit, so
>> those of us who determine/build things for wallets, identity, etc.
>> were never aware of this (and Max may not have even known what to do with
>> the info).
>>
>> Daniel, there is no conspiracy here. You are more than welcome to join
>>> the mailing list.
>>>
>>
>> When did I claim anything was a conspiracy? I specifically took care to
>> note that I wasn't assuming anything of the sort, but did want to convey my
>> reasonable concerns about the timing, progression, and implications of
>> rather immediate selection of a stack by the group of internal architects
>> you mentioned. I assure you (as others would attest) if I believed anything
>> purposefully malicious was going on I wouldn't mince words.
>>
>> Todd (cc) will be happy to add you and anyone else here who is
>>> interested.
>>>
>>
>> Thank you, I appreciate that.
>>
>> - Daniel
>>
>>> On 20 Sep 2022, at 12:44, Daniel Buchner <dbuchner@squareup.com> wrote:
>>>
>>> "No, the discussion has only started. I’m not an architect so I’m not
>>> part of the group but hope we will end up with a solid basis for multi
>>> format, multi protocol wallets, which allows implementers to select the
>>> best technical basis for their use cases."
>>>
>>> ^ Who are the architects that make up this smaller internal group - can
>>> you list them, or is that something you can't divulge? Are they hosting
>>> their selection discussions in public, given they're not generating specs
>>> and the IPR concerns should be dramatically reduced or eliminated?
>>> (assuming it's accurate that no new ones are being created)
>>>
>>> - Daniel
>>>
>>> On Tue, Sep 20, 2022, 4:55 AM Daniel Goldscheider <
>>> daniel@goldscheider.com> wrote:
>>>
>>>> Hi Daniel,
>>>>
>>>> Am I reading right that you're already into assembly of a specific
>>>> stack of select components you're picking rather immediately after
>>>> announcement of the org?
>>>>
>>>> No, the discussion has only started. I’m not an architect so I’m not
>>>> part of the group but hope we will end up with a solid basis for multi
>>>> format, multi protocol wallets, which allows implementers to select the
>>>> best technical basis for their use cases.
>>>>
>>>> May I ask how one can be at this stage so soon after announcing the org
>>>> without having a somewhat preconceived set of components in mind?
>>>>
>>>> See above
>>>>
>>>> At Block we're curious as to why we may have been excluded from such
>>>> formative discussions that apparently are already at the stage of component
>>>> decision, so I'm trying to read the tea leaves a bit here. I guess I'd
>>>> typically expect a group to reach out very broadly, certainly to big
>>>> players in the space, before this point, especially given your indication
>>>> that choices are underway.
>>>>
>>>> Max Sills is on the mailing list. I have reached out to him on Aug 16
>>>> and introduced myself. When I saw your email to this group on Sep 6 I
>>>> replied to it as well in the hopes of engaging directly. I would *love* for you
>>>> and Block to be involved in the discussions.
>>>>
>>>> Are you going to be open to readjudicating these choices as folks
>>>> actually have a chance to engage and evaluate them, or are you picking a
>>>> stack now with the intent that anyone beyond the 'in group' who formed the
>>>> org needs to snap to whatever you selected beforehand?
>>>>
>>>> This initiative started in June with me getting a few friends together
>>>> at Money20/20. I was overwhelmed by the interest and it grew to over 100
>>>> people taking part in the discussions.
>>>>
>>>> The reason we used the OSS in Dublin to announce only the intent to
>>>> form the OpenWallet Foundation is to give everyone a chance to join as a
>>>> founding member.
>>>>
>>>> Sorry if the questions I'm posing here are awkward to address, I'm just
>>>> asking based on the perception I have from our vantage given the
>>>> circumstance.
>>>>
>>>> I’m all for honest conversations and to call a spade a spade. In this
>>>> case, I believe you will see that your fears are unfounded.
>>>>
>>>> All the best,
>>>> Daniel
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider <
>>>> daniel@goldscheider.com> wrote:
>>>>
>>>>> Good morning everyone,
>>>>>
>>>>> I hope it’s not a breach of netiquette to answer the entire list.
>>>>>
>>>>> The aim is to create an open source core that contains many components
>>>>> like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8, etc.
>>>>>
>>>>> OWF will not create new standards and won’t publish its own wallet.
>>>>>
>>>>> A lot of companies are involved in the discussions including four
>>>>> credit card schemes and Microsoft.
>>>>>
>>>>> We are currently discussing what protocols to start with and how the
>>>>> wallet is invoked. If anyone here is interested to weigh in, please email
>>>>> info@openwallet.foundation or me.
>>>>>
>>>>> Have a nice weekend,
>>>>>
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>> > On 17 Sep 2022, at 06:47, Anders Rundgren <
>>>>> anders.rundgren.net@gmail.com> wrote:
>>>>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
>>>>> >
>>>>> > The merits of this proposal are yet to be seen but presumably it
>>>>> builds on that the wallet is a part of the native platform.  This is IMO
>>>>> also the only solution that can be certified.
>>>>> >
>>>>> > Personally, I would though build a wallet around FIDO.   The recent
>>>>> additions to FIDO and its companion standard WebAuthn are simply put
>>>>> unrealistic to copy.
>>>>> >
>>>>> > That using FIDO results in signature schemes that don't map
>>>>> directly to JOSE and COSE is a no-issue compared to the rest. I have
>>>>> succeeded in using raw FIDO signatures for payment authorizations with almost no
>>>>> effort at all: https://github.com/cyberphone/ctap2-sign
>>>>> >
>>>>> > Using FIDO (not WebAuthn) a wallet function would consist of
>>>>> >     Standard FIDO Key + Custom Meta Data + Custom Process
>>>>> > where the Custom Meta Data also holds a handle (credentialId) to the
>>>>> associated FIDO key.
>>>>> >
>>>>> > However, the problem I have been struggling with like forever
>>>>> remains: the proper way of invoking a native wallet from the Web [*].
>>>>> Another issue which apparently nobody is dealing with, is how to invoke a
>>>>> wallet in the physical world.  Although QR codes work, they are way
>>>>> less useful than Apple Pay with NFC.  This topic may be out of scope for
>>>>> the W3C but in the same way as with payments, the market doesn't care :)
>>>>> >
>>>>> > Cheers,
>>>>> > Anders
>>>>> >
>>>>> >
>>>>> > *] Due to the browser tech monopoly, browser innovation is
>>>>> effectively limited to Google and Apple.  Well, Microsoft could play
>>>>> another role since they have discontinued their Microsoft Wallet.
>>>>>
>>>>>
>>>>>
>
> --
> *ORIE STEELE*
> Chief Technical Officer
> www.transmute.industries
>
> <https://www.transmute.industries>
>
Received on Tuesday, 20 September 2022 13:28:34 UTC
