W3C home > Mailing lists > Public > public-identity@w3.org > February 2012

Re: W3C Web Identity Standardization Woes

From: Ron Garret <ron@flownet.com>
Date: Wed, 8 Feb 2012 10:10:59 -0800
Cc: public-identity@w3.org, Harry Halpin <hhalpin@w3.org>
Message-Id: <8FDE412B-7E90-42FA-9728-39EC73D19B4E@flownet.com>
To: Anders Rundgren <anders.rundgren@telia.com>
+1.  The belief that something is infeasible is in nearly all cases a self-fulfilling prophecy.

On Feb 8, 2012, at 6:40 AM, Harry Halpin wrote:

> Anders,
>   Again, if you believe in your below statements, I kindly suggest you join another mailing list. Furthermore, there is no new information in your email, just the same opinion you re-iterated earlier a number of times.
>          cheers,
>               harry
> On 02/08/2012 06:30 AM, Anders Rundgren wrote:
>> http://www.w3.org/2011/08/webidentity-charter.html
>> I hope you don't get too upset but I believe the last 12 months have shown that
>> standardization of security and identity solutions on the web, particularly for
>> schemes that introduce changes in the client-platform, is more or less infeasible.
>> Why is that?  The interest in cooperating among the very few vendors that own
>> the web is minimal.  In addition, the majority of all efforts in this space fail
>> like Microsoft's Information Cards initiative.
>> Regarding DomCrypt, I see this as a Mozilla project which the other vendors can
>> take up or not depending if they find it useful.
>> DomCrypt also shows the difficulty running open processes.  It has been claimed
>> that DomCrypt could be "extended" to support smart cards.   No document or
>> writeup has though been provided showing how this would work.  IMO smart
>> cards using non-domain-restricted credentials such as PIV must not be exposed
>> on the web; they can only be used by trusted applications such as TLS.
>> Anders
Received on Wednesday, 8 February 2012 18:16:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:09:07 UTC