Re: [hb-secure-services] vs Web Authentication from Rigo Wenning on 2016-12-21 (public-hb-secure-services@w3.org from December 2016)

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 21 Dec 2016 16:22:40 +0100
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-hb-secure-services@w3.org" <public-hb-secure-services@w3.org>
Message-ID: <2045669.6kXDsBsW1W@hegel>

Anders, 

On Wednesday, December 21, 2016 3:21:59 PM CET Anders Rundgren wrote:
> Since the browser vendors obviously are busy with Web Authentication, you
> can safely assume that YOUR team will have to implement everything
> themselves.

Web authentication is just a different branding for the FIDO approach. It was 
clear from the beginning of this work that both approaches are very different, 
namely that the smart card approach includes identity management while FIDO 
relies on large internet estates to do it. 

I don't know what Gemalto does. I see them involved in both. But for me, both 
approaches are not in competition. Except that not doing this approach will 
make large internet estates even more important and thus contribute to the 
concentration and re-centralization of the Web. So doing FIDO as such is not 
the issue. But not allowing ID management via something other than passwords 
is. Especially as not doing it would mean the government would have to do his 
identity management like some large californian companies. This would mean EU 
governments would have to revise their entire legislation on identity 
management. 

I think making a browser that can do hb-security is cheaper. 

 --Rigo

Received on Wednesday, 21 December 2016 15:22:55 UTC