Hi Anders,
> The problem with this and similar efforts is that you need a
> *platform*.
>
> The only party that actually has a platform worth mentioning
> is Apple with their iPhone.
>
> Popular, can host credentials, can be on-line provisioned,
> great connectivity.
Why do you need a platform? Why can't the browser manage
your credentials (whether or not they are stored in a smart
card).
> Unfortunately I don't think the NSTIC people are prepared
> shelling out any money except on projects using their "own"
> platform, i.e. PIV. This platform is severely constrained
> and does neither support multiple credentials nor on-line
> provisioning.
>
> PIV doesn't fit your bank-case.
>
> That people outside the Feds doesn't have card readers is
> also an indication how "off" this thing would be as a
> foundation for a vibrant identity ecosystem.
NSTIC is not about PIV. I believe many people involved with
NSTIC think PKI certificates, such as those stored in PIV
smart cards, are a thing of the past, to be replaced with
"privacy-enhanced" credentials such as Idemix anonymous
credentials or U-Prove tokens. I myself think PKI
certificates have an important role to play going forward,
coexisting with privacy-enhanced credentials.
NSTIC is still pretty much a blank slate. The first
workshop on technology has not taken place yet. I'm told it
will take place in the Bay Area during the week of September
19. I encourage you to attend and contribute your ideas.
> Platform = HW + SW.
Francisco