Why the Security Element API should be shelved

http://www.fidoalliance.org/faqs.html

The FIDO authentication protocol needs to be part of a standardized, interoperable ecosystem to be successful. Building this ecosystem requires the active commitment of everybody from hardware chipset vendors, to the manufacturers of back-end server systems. Coordination across the divergent interests of these players is a complex affair, and one that current technical standards bodies are not well suited to handle.

The FIDO Alliance will refine the protocol, and monitor the extensions required to meet market needs and to make the protocol robust and mature. Implementation will not be undertaken by the FIDO Alliance. The mature protocol will be presented to the IETF, W3C or similar body after which it will be open to all industry players to implement.

-------------------

IMO, the very same considerations apply to a Security Element API.
The current W3C input document does not come with a description of what the anticipated applications are, which makes standardization of a possible Security Element API true guesswork (it appears to be an opaque protocol which by definition is "universal", but that's hardly going to make it particularly interoperable).

The lack of a discussion around these issues is also an indication that something is missing from the plot. It might be "interest", but it may also be "openness".
In fact, just getting the datasheet for most Security Elements including the one embedded in many high-end Android phones requires a signed NDA!

True standardization is probably at least 5 years down the road and there will be multiple and competing standards as well.
FIDO Alliance will presumably provide one of the candidates although standardization at this stage will essentially be a formality.

Don't get me wrong; standardization is great but some targets aren't suited for standardization.

Anders

Received on Tuesday, 2 July 2013 06:38:46 UTC