Re: The Cloud/FIDO: Was: Dealing with the NASCAR Syndrome for Web Payments

On 2014-04-24 15:35, Manu Sporny wrote:
> On 04/24/2014 05:23 AM, Anders Rundgren wrote:
>>> The Identity Credentials stuff is almost completely decoupled from
>>> the 2nd factor authentication problem (as it should be).
>>
>> I think that we simply have rather different visions about the Need,
>> Authentication, Deployment and Usage of identity information in
>> payment systems.
> 
> Perhaps, but I'm trying to understand your vision and so far I'm having
> a hard time putting everything that you're saying together into a
> cohesive proposal. I'm sure the story line is there, but I don't
> understand what it is, and that's a problem since you seem to be very
> adamant about the current state of things being terrible.

I guess my 15Y+ in this space has taken its toll...


> I want to make sure that this group doesn't make the same mistakes you
> are highlighting, but in order to do that, we have to understand what
> you think the mistakes are. So far, I've heard you complain about FIDO's
> approach, Web Crypto and SE avoidance, and the failed security systems.
> You clearly know a lot about this space, so we'd be foolish not to
> listen. We've seen a few proposals from you wrt. mobile device
> authentication, but I can't seem to connect the dots between all of
> these items.

I think that's the actual problem; there are simply too many dots to connect.

I'm FWIW not able to, for example, map 3D Secure into the current web payment
specifications, which is kind of sad since the 3D Secure principle IMO is great.


> Perhaps you could write up a blog post or some narrative about exactly
> what you'd like to see happen over the next 2-3 years. Try to just talk
> about a specific area that you'd like to see fixed.

Well, just getting certificate enrollment to work so that not every little
bank out there has to "roll their own" would be a major achievement.

Anders

> 
> For example, a narrative like this would be helpful:
> 
> http://manu.sporny.org/2014/credential-based-login/
> 
> -- manu
> 

Received on Thursday, 24 April 2014 15:10:08 UTC