Re: Solutions to the NASCAR problem? from David Chadwick on 2015-11-21 (public-webid@w3.org from November 2015)

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Sat, 21 Nov 2015 20:21:36 +0000
To: public-webid@w3.org
Message-ID: <5650D250.4090109@kent.ac.uk>
On 21/11/2015 18:17, Dave Longley wrote:
> On 11/21/2015 12:41 PM, Joerg.Heuer@telekom.de wrote:
>> Hello all,
>>
>> One of the main benefits to the 'wallet'-approach is, that the 
>> negotiation between  the RP and the user's 'wallet' just doesn't
>> have this problem at all.
>>
>> Once the RP sends a statement about what 'instruments' and IdPs it 
>> accepts, it's up to the 'wallet' of the user to figure out what to 
>> use. Could be very plain and offer all matches to the user to make a 
>> pick or it can be way more sophisticated and implement the user's 
>> policy according to context.
> 
> Yes, one way or another the "wallet" will be aware of what options are
> available and can decide what to use algorithmically or present choices
> to the user. Part of what is being discussed here, however, is how the
> browser knows about your "wallet" and therefore what options have been
> associated with the user. It could be through a registration process
> that must be repeated on every device/platform, there could be some
> syncing protocol, or there could be a discovery mechanism.
> 
> There is overlap here with what's being discussed for Web Payments and
> with Credentials. In the Credentials CG, we want the "wallet" to be
> associated with the user (credential holder), so it can follow you
> around, instead of being strongly linked to a particular platform or
> device (this causes lock in and reduces user choice and competition).

Standardising the credentials and wallet contents, i.e. the database
part, should solve the lockin problem shouldnt it? This could be a task
of this WG.

> 
> Therefore, a discovery mechanism is implemented in the demo. We have
> more work to do to better demonstrate that this can be used across
> different devices.

If a copy of the wallet is always on the user's device then
a) you have faster performance
b) no discovery is needed (other than the user choosing a non-default
filename)

David

> 
>>
>> And yes, FIDO should be among the technologies employed I'd say.
>>
>> Cheers, Jörg
>>
>> -----Original Message----- From: Dave Longley 
>> [mailto:dlongley@digitalbazaar.com] Sent: Samstag, 21. November 2015 
>> 16:31 To: Anders Rundgren; W3C Credentials Community Group; 
>> public-webid@w3.org Subject: Re: Solutions to the NASCAR problem?
>>
>> On 11/21/2015 02:11 AM, Anders Rundgren wrote:
>>> I'm interested hearing what's available and what's cooking: 
>>> http://indiewebcamp.com/NASCAR_problem
>>>
>>> Just the core (and links), no TL;DR BS please.
>>
>> There's a very simple demo here:
>>
>> https://authorization.io
>>
>> It involves technology intended to solve the NASCAR problem. In step 
>> 2, the site you log into only needs to provide a login button; the 
>> browser will take care of the rest (finding out your IdP, etc).
>>
>> -- Dave Longley CTO Digital Bazaar, Inc.
>>
> 
>
Received on Saturday, 21 November 2015 20:21:41 UTC