- From: Deborah Dahl <Dahl@conversational-Technologies.com>
- Date: Thu, 14 Oct 2021 16:43:13 -0400
- To: <dirk.schnelle@jvoicexml.org>
- Cc: <public-voiceinteraction@w3.org>
- Message-ID: <008501d7c13c$1bc7dac0$53579040$@conversational-Technologies.com>
Hi Dirk,

Is the idea that the credentials referred to in “Accounts/Authentication” are not user credentials, but some kind of credentials of the IPA itself? But then as examples of standards related to “Accounts/Authentication” are <https://www.w3.org/TR/webauthn/> Web Authentication and <https://fidoalliance.org/specifications/> FIDO Universal Authentication Framework, and they seem to have to do with user authentication. Maybe we should add some language to clarify the difference between user authentication and IPA information/trust?

Debbie

From: dirk.schnelle@jvoicexml.org <dirk.schnelle@jvoicexml.org>
Sent: Thursday, October 14, 2021 3:57 PM
To: Deborah Dahl <Dahl@conversational-Technologies.com>
Cc: public-voiceinteraction@w3.org
Subject: Re: [voiceinteraction] Move accounts/authentication box to individual IPA's?

Dear Debbie,

Yes, some comments from my side.

The description of this component reads: A registry that knows how to access the known IPA Providers, i.e., which are available and credentials to access them.

It is more of the kind that some instance should know which IPAs are available. So, it does not contradict your view. That part however is not part of the diagrams.

Dirk

On 14.10.2021 20:35, Deborah Dahl <Dahl@conversational-Technologies.com> wrote:

Looking at the architecture diagram https://w3c.github.io/voiceinteraction/voice%20interaction%20drafts/paArchitecture-1-2.htm#walkthrough, I'm wondering if the accounts/authentication box should be removed from the Provider Selection Service box and added to each individual IPA Provider. That way each individual IPA provider would be responsible for authenticating users according to its own requirements. Some IPAs might want to be completely open and some, like a financial site, might have strict authentication requirements. It's hard to think of how a central accounts/authentication step would be able to meet the needs of any arbitrary IPA.

This architecture would also be more in line with the Web, where each website is responsible for authenticating its own users.

Comments?
Received on Thursday, 14 October 2021 20:43:32 UTC