Re: HW Sec Workshop - Citizen Identity from Wendy Seltzer on 2016-04-26 (public-web-security@w3.org from April 2016)

From: Wendy Seltzer <wseltzer@w3.org>
Date: Tue, 26 Apr 2016 13:16:42 -0400
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <571FA27A.2020509@w3.org>

On 04/26/2016 12:33 AM, Anders Rundgren wrote:
> On 2016-04-26 05:39, Colin Gallagher wrote:
>> For those of us that were at the W3C Web Crypto Next Steps workshop (I
>> was there),
>>  it may help to remind ourselves of what was actually arrived at or
> agreed to, or
>> determined to be high / medium / low priority at the time of that
> workshop.
>> There were notes taken, and also an executive summary
> <https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html>.
>>
>> I'm certainly curious of the status of the next steps rechartering at
>> this
>> point in terms of process.  I have been observing some of the
> discussions related to this periodically.
> 
> Experienced Google standards editor Ian Hickson explains it pretty well:
> http://manu.sporny.org/2016/browser-api-incubation-antipattern/#comment-29249
> 
> 
> "Fundamentally, the people who write the code have all the power. That’s
> always been the case"
> 
> That is, it doesn't matter what You, I or, other even big W3C members
> like Gemalto want, unless it coincides with what the browser vendors
> headed by Google want as well.
> The latter's desire seems to be to develop hardware security related
> standards in the less open FIDO alliance rather than in the W3C.

W3C works as a voluntary consensus-driven standards organization. We
don't have power to compel anyone to follow our Recommendations, only
the power that comes from developing good ideas that help to build a
stronger Web platform and network of Web users. For any member,
including those who make browsers, a part of the standards exercise is
persuasion: persuading others in the Web ecosystem that adopting a
proposed common standard is better for business and technology than
going it alone or ignoring the standard.

We had a productive meeting today, and aim to continue that tomorrow,
including building use cases with which to talk to the browsers about
their interest in components such as secure key management.

--Wendy

-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)

Received on Tuesday, 26 April 2016 17:16:47 UTC