- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sun, 27 Nov 2011 18:52:56 +0100
- To: Ron Garret <ron@flownet.com>
- CC: "public-identity@w3.org" <public-identity@w3.org>
On 2011-11-27 17:31, Ron Garret wrote: <snip> >> I.e. my quest for a simpler "web token" is a more realistic take on this topic in spite of >> the fact that you need new hardware. > > Why do you think you need new hardware? There are existing hardware solutions that are simpler than full-blown smart cards: > > https://www.swekey.com/ > http://www.safenet-inc.com/products/data-protection/two-factor-authentication/certificate-based-pki-usb-authenticators/ > http://www.cryptomate.com/ These are good "solutions" but are unsuitable as foundations for standards. If we take the eToken for example, it has existed for a decade but it cannot be provisioned from a browser. A system that is supposed to be browser- friendly must IMHO support browser provisioning. I believe that requires hardware that is designed for this use-case. Progress is zero in this space. Only dedicated stuff like the Google Wallet seems to work. Maybe the fact that Google intends to make money on the Wallet is the differentiating factor :-) Anders > > There are also mobile devices. Apps are not as secure as a dedicated device but more secure than a browser, so something like this: > > http://www.rsa.com/node.aspx?id=3651 > http://itunes.apple.com/us/app/oath-token/id364017137 > > might be good enough. > > BTW, I am not endorsing any of these, just pointing to them out as data points to inform the discussion. > > rg > >
Received on Sunday, 27 November 2011 17:53:39 UTC