Re: The Cloud/FIDO: Was: Dealing with the NASCAR Syndrome for Web Payments

On 04/24/2014 05:23 AM, Anders Rundgren wrote:
>> The Identity Credentials stuff is almost completely decoupled from
>> the 2nd factor authentication problem (as it should be).
> 
> I think that we simply have rather different visions about the Need,
> Authentication, Deployment and Usage of identity information in
> payment systems.

Perhaps, but I'm trying to understand your vision and so far I'm having
a hard time putting everything that you're saying together into a
cohesive proposal. I'm sure the story line is there, but I don't
understand what it is, and that's a problem since you seem to be very
adamant about the current state of things being terrible.

I want to make sure that this group doesn't make the same mistakes you
are highlighting, but in order to do that, we have to understand what
you think the mistakes are. So far, I've heard you complain about FIDO's
approach, Web Crypto and SE avoidance, and the failed security systems.
You clearly know a lot about this space, so we'd be foolish not to
listen. We've seen a few proposals from you wrt. mobile device
authentication, but I can't seem to connect the dots between all of
these items.

Perhaps you could write up a blog post or some narrative about exactly
what you'd like to see happen over the next 2-3 years. Try to just talk
about a specific area that you'd like to see fixed.

For example, a narrative like this would be helpful:

http://manu.sporny.org/2014/credential-based-login/

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Thursday, 24 April 2014 13:36:09 UTC