Re: [foaf-dev] Credentials Community Group

On 2014-08-03 03:24, Manu Sporny wrote:> On 08/02/2014 04:26 PM, Anders Rundgren wrote:
 >> AWWW is great but the competition in the form of centralized
 >> super-providers can offer
 >>
 >> * Convenience
 >
 > Out of your list, this is really the only value-add that a centralized
 > super-provider can provide. However, this is true for any super-provider
 > technology that competes with AWWW. I don't see a new argument here,
 > it's the same one that's been used to argue against the Web since its
 > inception.
 >
 > The other three items either are 1) already being built into the web
 > platform as we speak, or 2) unnecessary for any of this stuff to become
 > a success.

This is not entirely correct.  Mozilla is in fact building new core
web-technology for supporting MNO-based payments:
https://bugzilla.mozilla.org/show_bug.cgi?id=879861


 > * Trusted UI - unnecessary
 > * Strong user authentication - WebCrypto, U2F
 > * Secure key storage - U2F

If you use U2F you effectively get a trusted UI "for free".  What I
lack is some kind of write-up showing how U2F can support all *four*
qualities mentioned above and that in a distributed fashion.

To me this is a fundamental issue and I wouldn't take a single
step forward without having resolved it.  BTW, I think this would
be a very useful "exercise" for the group as well :-)

Note: it *may* very well be possible but I just don't see how.


 > Your argument isn't lost on me, though. Yes, these super-providers are
 > among the most powerful organizations in the world, yes they have a lot
 > of money, yes they have armies of engineers. That said, for some reason,
 > they keep picking to deploy their products on the Web and continue to
 > contribute to the Web's core architecture. These large organizations
 > also re-use good Web technologies if it suits their purposes.
 >
 > To give you a concrete example, there was no large organization backing
 > JSON-LD. Almost the entirety of the technical work and standardization
 > of that technology was done by volunteers (and Digital Bazaar's paid
 > engineers). We sunk several hundred thousand dollars of our own money
 > into the standard (a fantastic ROI, considering the uptake of JSON-LD).
 >
 > Google, Microsoft, Yahoo!, and Yandex are among the companies that now
 > use JSON-LD. They use it because it solved a problem for them in an
 > elegant way. The same could be true for the Web Payments work as well as
 > the Credentials work. Time will tell, but we've done this before against
 > worse odds.
 >
 > Success depends primarily on making sure the right incentives are in
 > place for the big players:
 >
 > http://community.badvoltage.org/t/1x21-everything-old-is-old-again/2053/30?u=msporny
 >
 >> Can a comparatively crippled decentralized web platform without any
 >> visible big-vendor support really make a change?
 >
 > What Kingsley said. The Web platform has done just fine w/o big backers
 > kicking off new projects. The big-vendor support typically doesn't come
 > in the beginning, it comes at the end, after the technology is almost
 > fully baked. I know of a very large number of Web technologies that were
 > created by individuals or small companies, only later to be picked up by
 > the technology giants. The giants help the stuff scale, and they do so
 > out of self-interest. This stuff almost always starts out as a small
 > initiative run by a few people.
 >
 > As for no visible big-vendor support... have you looked at the
 > participants in the Web Payments Workshop? There are numerous
 > big-vendors in that list... and some of them have already committed
 > engineers toward whatever future work we may do:
 >
 > http://www.w3.org/2013/10/payments/agenda.html#participants
 >
 > I can tell you one thing for certain. No other spec work that I've been
 > involved in has ever had the sort of support we have going into the Web
 > Payments and Credentials work. Unfortunately, I can't talk about the big
 > companies that are committing engineers yet, but you'll see who they are
 > in time.
 >
 > In summary, new Web technology doesn't need a big backer during its
 > development to be successful. The vast majority of successful
 > technologies didn't have that sort of support. That said, the Web
 > Payments and Credential work do have big backers already, and who they
 > are will become clear after the "official" work begins at the end of
 > September.
 >
 > The big question to you is, what's the alternative?

That's a good question!  IMO, it depends entirely on what the goal is.

For supporting immature markets like BitCoin, I'm sure WebPayments
will be quite usable.

If you OTOH target the *traditional* payment players I believe
you need something that makes them more comparable to the super-
providers (which they [rightfully] fear) to ever get any attention.
Unfortunately this *extremely divided lot* won't spend a nickel on
open projects (if you look back they never have). Microsoft would had
been an excellent partner for taking on this market but they seem stuck
with their AD-flavored enterprise-version of the Internet.  FWIW, I
personally continue with with this segment since U2F (in its current
incarnation NB...), does not meet the needs of EU and Asian banks
who simply wants PKI.

Anders

 >
 > -- manu
 >

Received on Sunday, 3 August 2014 05:05:25 UTC