- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 23 Sep 2013 08:23:50 +0200
- To: public-webpayments@w3.org, Manu Sporny <msporny@digitalbazaar.com>
Manu, The problem with this is that banks do not only want an identity, they also want something secure to host that identity in. The "Great Three Laggards", the Financial industry, the US Government (NIST) and Microsoft could have solved that years ago but they didn't. Unfortunately Mozilla have proved to be equally uninterested in understanding why banks in the EU cannot use even the Firefox's "soft token" but rather (re)build the entire client-side security solution themselves. Banks do the same thing for Android. That's essentially the entire motivation for the SKS/KeyGen2 project. Probably (unfortunately rather...) I believe we are all at the mercy of Google who indeed have started a similar project in a closed consortium (security hardware is by "tradition" extremely secret...) called U2F (Universal 2-factor Authentication). W3C's SE API looks like a clear case of DoA even before it actually started. Anders
Received on Monday, 23 September 2013 06:24:21 UTC