- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 30 Sep 2013 07:11:40 +0200
- To: public-webpayments@w3.org
In several EU states banks have formed trust networks acting as IdPs. They do trust government-issued IDs such as passports and driver licenses but only for identification in an office. The on-line counterpart to these documents (if available) are very seldom accepted. In addition, banks (as well as other consumers of on-line identities), wants to "normalize" the identity itself like converting their customer's identity to an account number making third-party credentials less suitable. A separate credential also allows banks to revoke a customer independently of the TTP which may be crucial from their point of view. So I (continue) believing that the ability creating secure credentials "on-the-fly" remains an important goal. From the vendor side Google's U2F seems to be the only serious effort making this possible. Other parties appear to be riddled by awkward business models (like "renting" space on SIM-cards), fear and a general inability to cooperate in a world now running at "Google-speed". It took Norway 7 years to get their bank- and SIM-powered Mobile-ID deployed. That simply can't be the way to go. Anders
Received on Monday, 30 September 2013 05:12:14 UTC