- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Wed, 08 Feb 2012 06:30:07 +0100
- To: "public-identity@w3.org" <public-identity@w3.org>
http://www.w3.org/2011/08/webidentity-charter.html I hope you don't get too upset but I believe the last 12 months have shown that standardization of security and identity solutions on the web, particularly for schemes that introduce changes in the client-platform, is more or less infeasible. Why is that? The interest in cooperating among the very few vendors that own the web is minimal. In addition, the majority of all efforts in this space fail like Microsoft's Information Cards initiative. Regarding DomCrypt, I see this as a Mozilla project which the other vendors can take up or not depending if they find it useful. DomCrypt also shows the difficulty running open processes. It has been claimed that DomCrypt could be "extended" to support smart cards. No document or writeup has though been provided showing how this would work. IMO smart cards using non-domain-restricted credentials such as PIV must not be exposed on the web; they can only be used by trusted applications such as TLS. Anders
Received on Wednesday, 8 February 2012 05:33:24 UTC