W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2013

re: Web Payments and Identity

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 23 Sep 2013 08:23:50 +0200
Message-ID: <523FDE76.2000301@gmail.com>
To: public-webpayments@w3.org, Manu Sporny <msporny@digitalbazaar.com>
Manu,

The problem with this is that banks do not only want an identity, they also
want something secure to host that identity in.  The "Great Three Laggards",
the Financial industry, the US Government (NIST) and Microsoft could have
solved that years ago but they didn't.

Unfortunately Mozilla have proved to be equally uninterested in understanding
why banks in the EU cannot use even the Firefox's "soft token" but rather (re)build
the entire client-side security solution themselves.  Banks do the same thing for Android.

That's essentially the entire motivation for the SKS/KeyGen2 project.

Probably (unfortunately rather...) I believe we are all at the mercy of Google who indeed
have started a similar project in a closed consortium (security hardware is by "tradition"
extremely secret...) called U2F (Universal 2-factor Authentication).

W3C's SE API looks like a clear case of DoA even before it actually started.

Anders
Received on Monday, 23 September 2013 06:24:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:24 UTC