- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sat, 09 Aug 2014 18:01:11 -0400
- To: public-webpayments@w3.org
On 08/09/2014 02:25 AM, Anders Rundgren wrote: >> https://lists.oasis-open.org/archives/tc-announce/201408/msg00001.html > > I think OASIS should try things they have a chance succeeding with. > AFAIK, their stake in the client platform is close to NULL. It is sad > that banks don't spend a dime on genuine web tech such as WebCrypto. > Or VISA explaining how their "tokenization" scheme would go into > WebPayments. Agreed. I don't understand why the work is being done at OASIS either unless this is a purely insider play (meaning, the technology isn't meant to be used by the public, it's primarily for use in large enterprises). They have been successful at getting SAML adopted, so this wouldn't be the first time they've worked in the space. That Bank of America, RedHat, and Intel are taking the lead is interesting, the solution will most likely be colored (for better or worse) by a "big enterprise" palette. For those that don't want to dig deep into the documents, here's what they're working on: "The TC will develop the IBOPS specification to enable security systems to provide Identity Assertion, Role Gathering, Multi-Level Access Control, Assurance, and Auditing capabilities. IBOPS will define how software running on a client device can communicate with an IBOPS-enabled server. Methods for enabling security components to work with existing IBOPS components for integration into current operating environments will also be considered. An end-to-end specification describing the standards necessary to perform server-based enhanced biometric security will be created. This solution will consider enrollment phase, maintenance, storage, and revocation. Version 1.0 of the specification should be completed within 18 to 24 months of the first meeting. " "The TC might also develop interoperability profiles for OASIS Trust Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed appropriate by the TC." Sounds like they're biting of a great deal of stuff, much of which we've marked as out of scope for the credentials work because each item alone would take years to complete. We should track the IBOPS work closely and learn from it if they do something interesting. It wouldn't hurt to try and create a liason relationship between the Credentials CG and the IBOPS WG. -- manu [1] https://www.oasis-open.org/standards -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: High-Stakes Credentials and Web Login http://manu.sporny.org/2014/identity-credentials/
Received on Saturday, 9 August 2014 22:01:34 UTC