Re: Open Wallet Foundation from Daniel Buchner on 2022-09-20 (public-credentials@w3.org from September 2022)

From: Daniel Buchner <dbuchner@squareup.com>
Date: Tue, 20 Sep 2022 09:07:42 -0500
To: Mike Prorock <mprorock@mesur.io>
Cc: Orie Steele <orie@transmute.industries>, Daniel Goldscheider <daniel@goldscheider.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, W3C Credentials Community Group <public-credentials@w3.org>, Todd Benzies <tbenzies@linuxfoundation.org>
Message-ID: <CAMZRv4d95UzgWH-OsW8Q52czLTVYEuLkJpoADbc0duEy81XwqA@mail.gmail.com>
I'm definitely not taking a position in opposition to the OWF, I'm just a
bit guarded after so many years of org-related tribulations. If this can
produce a pluggable wallet framework that enables the full range of
decentralized identity, money, and app capabilities to create a thriving
ecosystem, we'd be happy to contribute.

I'll follow up with Daniel and whoever Kaylia was referencing to sort
through the details. I was just asking the broadest, most foundational
questions here I felt should be answered as openly as possible.

- Daniel

On Tue, Sep 20, 2022, 8:28 AM Mike Prorock <mprorock@mesur.io> wrote:

> +1 Orie
>
> Mike Prorock
> CTO, Founder
> https://mesur.io/
>
>
>
> On Tue, Sep 20, 2022 at 9:25 AM Orie Steele <orie@transmute.industries>
> wrote:
>
>> For the record, I'm an "architect" engaged in the work at OWF.
>>
>> I'm also in several other LF organizations and slacks including DIF, CCC
>> and OpenSSF, among others.
>>
>> There is some overlap with the DIF Wallet security work, I'm happy to
>> keep those communities connected to some degree.
>>
>> Obviously we are having this conversation on a W3C mailing list, where I
>> am also active.
>>
>> I'm confident that we can keep things aligned, and you can count on me to
>> point out risks very publicly if I see something harmful emerging.
>>
>> I don't think there is any cause for concern right now, other than
>> ensuring that OWF has enough stakeholders to lift off in a way that is
>> useful.
>>
>> Regards,
>>
>> OS
>>
>>
>> On Tue, Sep 20, 2022 at 6:23 AM Daniel Goldscheider <
>> daniel@goldscheider.com> wrote:
>>
>>> I didn’t mean to suggest that Max was the right person, only that we’ve
>>> made a deliberate effort to include Block. We realize that we can’t
>>> possibly approach anyone who could meaningfully contribute. That’s why we
>>> publicly announced our plans to launch in the hopes that interested parties
>>> will hear about it and be there from the beginning.
>>>
>>>
>>>
>>>
>>> On 20 Sep 2022, at 13:13, Daniel Buchner <dbuchner@squareup.com> wrote:
>>>
>>> 
>>>
>>> We have regular calls on Wednesday (Max was invited) and a few of the
>>>> people met at OSS in Dublin.
>>>>
>>>
>>> Max is counsel for IP/patent activities outside our business unit, so
>>> those of us who determine/build things for wallets, identity, etc. were
>>> never were aware of this (and Max may not have even known what to do with
>>> the info).
>>>
>>> Daniel, there is no conspiracy here. You are more than welcome to join
>>>> the mailing list.
>>>>
>>>
>>> When did I claim anything was a conspiracy? I specifically took care to
>>> note that I wasn't assuming anything of the sort, but did want to convey my
>>> reasonable concerns about the timing, progression, and implications of
>>> rather immediate selection of a stack by the group of internal architects
>>> you mentioned. I assure you (as others would attest) if I believed anything
>>> purposefully malicious was going on I wouldn't mince words.
>>>
>>> Todd (cc) will be happy to add you and anyone else here who is
>>>> interested.
>>>>
>>>
>>> Thank you, I appreciate that.
>>>
>>> - Daniel
>>>
>>>> On 20 Sep 2022, at 12:44, Daniel Buchner <dbuchner@squareup.com> wrote:
>>>>
>>>> 
>>>> "No, the discussion has only started. I’m not an architect so I’m not
>>>> part of the group but hope we will end up with a solid basis for multi
>>>> format, multi protocol wallets, which allows implementers to select the
>>>> best technical basis for their use cases."
>>>>
>>>> ^ Who are the architects that make up this smaller internal group - can
>>>> you list them, or is that something you can't divulge? Are they hosting
>>>> their selection discussions in public, given they're not generating specs
>>>> and the IPR concerns should be dramatically reduced or eliminated?
>>>> (assuming it's accurate that no new ones are being created)
>>>>
>>>> - Daniel
>>>>
>>>> On Tue, Sep 20, 2022, 4:55 AM Daniel Goldscheider <
>>>> daniel@goldscheider.com> wrote:
>>>>
>>>>> Hi Daniel,
>>>>>
>>>>> Am I reading right that you're already into assembly of a specific
>>>>> stack of select components you're picking rather immediately after
>>>>> announcement of the org?
>>>>>
>>>>> No, the discussion has only started. I’m not an architect so I’m not
>>>>> part of the group but hope we will end up with a solid basis for multi
>>>>> format, multi protocol wallets, which allows implementers to select the
>>>>> best technical basis for their use cases.
>>>>>
>>>>> May I ask how one can be at this stage so soon after announcing the
>>>>> org without having a somewhat preconceived set of components in mind?
>>>>>
>>>>> See above
>>>>>
>>>>> At Block we're curious as to why we may have been excluded from such
>>>>> formative discussions that apparently are already at the stage of component
>>>>> decision, so I'm trying to read the tea leaves a bit here. I guess I'd
>>>>> typically expect a group to reach out very broadly, certainly to big
>>>>> players in the space, before this point, especially given your indication
>>>>> that choices are underway.
>>>>>
>>>>> Max Sills is on the mailing list. I have reached out to him on Aug 16
>>>>> and introduced myself. When I saw your email to this group on Sep 6 I
>>>>> replied to as well in the hopes to engage directly. I would *love* for you
>>>>> and Block to be involved in the discussions.
>>>>>
>>>>> Are you going to be open to readjudicating these choices as folks
>>>>> actually have a chance to engage and evaluate them, or are you picking a
>>>>> stack now with the intent that anyone beyond the 'in group' who formed the
>>>>> org needs to snap to whatever you selected beforehand?
>>>>>
>>>>> This initiative started in June with me getting a few friends together
>>>>> at Money20/20. I was overwhelmed by the interest and it grew to over 100
>>>>> people taking part in the discussions.
>>>>>
>>>>> The reason we used the OSS in Dublin to announce only the intent to
>>>>> form the OpenWallet Foundation is to give everyone a chance to join as a
>>>>> founding member.
>>>>>
>>>>> Sorry if the questions I'm posing here are awkward to address, I'm
>>>>> just asking based on the perception I have from our vantage given the
>>>>> circumstance.
>>>>>
>>>>> I’m all for honest conversations and to call a spade a spade. In this
>>>>> case, I believe you will see that your fears are unfounded.
>>>>>
>>>>> All the best,
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Sep 20, 2022, 2:42 AM Daniel Goldscheider <
>>>>> daniel@goldscheider.com> wrote:
>>>>>
>>>>>> Good morning everyone,
>>>>>>
>>>>>> I hope it’s not a breach of netiquette to answer the entire list.
>>>>>>
>>>>>> The aim is to create an open source core that contains many
>>>>>> components like Blink does for browsers with DOM, HTML, CSS, OpenGL, V8,
>>>>>> etc.
>>>>>>
>>>>>> OWF will not create new standards and won’t publish its own wallet.
>>>>>>
>>>>>> A lot of companies are involved in the discussions including four
>>>>>> credit card schemes and Microsoft.
>>>>>>
>>>>>> We are currently discussing what protocols to start with and how the
>>>>>> wallet is invoked. If anyone here is interested to weigh in, please email
>>>>>> info@openwallet.foundation or me.
>>>>>>
>>>>>> Have a nice weekend,
>>>>>>
>>>>>> Daniel
>>>>>>
>>>>>>
>>>>>>
>>>>>> > On 17 Sep 2022, at 06:47, Anders Rundgren <
>>>>>> anders.rundgren.net@gmail.com> wrote:
>>>>>> > 
>>>>>> https://www.linuxfoundation.org/press/linux-foundation-announces-an-intent-to-form-the-openwallet-foundation
>>>>>> >
>>>>>> > The merits of this proposal is yet to be seen but presumably it
>>>>>> builds on that the wallet is a part of the native platform.  This is IMO
>>>>>> also the only solution that can be certified.
>>>>>> >
>>>>>> > Personally, I would though build a wallet around FIDO.   The recent
>>>>>> additions to FIDO and its companion standard WebAuthn are simply put
>>>>>> unrealistic to copy.
>>>>>> >
>>>>>> > That using FIDO results in signature schemes that doesn't map
>>>>>> directly to JOSE and COSE is a no-issue compared to the rest. I have
>>>>>> succeed using raw FIDO signatures for payment authorizations with almost no
>>>>>> effort at all: https://github.com/cyberphone/ctap2-sign
>>>>>> >
>>>>>> > Using FIDO (not WebAuthn) a wallet function would constitute of
>>>>>> >     Standard FIDO Key + Custom Meta Data + Custom Process
>>>>>> > where the Custom Meta Data also holds a handle (credentialId) to
>>>>>> the associated FIDO key.
>>>>>> >
>>>>>> > However, the problem I have been struggling with like forever
>>>>>> remains: the proper way of invoking a native wallet from the Web [*].
>>>>>> Another issue which apparently nobody is dealing with, is how to invoke a
>>>>>> wallet in the physical world.  Although QR codes work, but they are way
>>>>>> less useful than Apple Pay with NFC.  This topic may be out of scope for
>>>>>> the W3C but in the same way as with payments, the market doesn't care :)
>>>>>> >
>>>>>> > Cheers,
>>>>>> > Anders
>>>>>> >
>>>>>> >
>>>>>> > *] Due to the browser tech monopoly, browser innovation is
>>>>>> effectively limited to Google and Apple.  Well, Microsoft could play
>>>>>> another role since they have discontinued their Microsoft Wallet.
>>>>>>
>>>>>>
>>>>>>
>>
>> --
>> *ORIE STEELE*
>> Chief Technical Officer
>> www.transmute.industries
>>
>> <https://www.transmute.industries>
>>
>
Received on Tuesday, 20 September 2022 14:08:10 UTC