- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sun, 07 Aug 2011 08:50:55 +0200
- To: "public-identity@w3.org" <public-identity@w3.org>
BankID in similarity to many other European organizations looking for secure mobile solutions have built their vision on using SIM-cards since these offer smart card security. However, as I predicted more than a decade ago, building a universal authentication solution on an operator-controlled platform is too difficult, so they recently switched to "embedded credentials". These solutions come in many flavors offering quite different security characteristics, enrollment schemes and GUIs, as well as highly variant application integration features. Although an obvious candidate for standardization, it has been proved (beyond doubt), that such approaches doesn't work in "Google/Apple age" so users like BankID will have to wait until the dust settles to see what actually survives. Anders
Received on Sunday, 7 August 2011 06:51:33 UTC