- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 10 Aug 2014 00:54:34 +0200
- To: Joseph Potvin <jpotvin@opman.ca>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAKaEYh+0oE9ooWhZ4M=BXu05pJJ=3kSSo+dVWCAc-uQ+QQkvDA@mail.gmail.com>
On 10 August 2014 00:47, Joseph Potvin <jpotvin@opman.ca> wrote: > It seems to me as an effort by a team at Bank of America to re-fashion > their in-house credentials management system as an external "industry > standard". It it comes to be adopted by others, this saves Bank of > America the trouble of migrating to something else. > > It's common for entities with major in-house deployments to try to get > their thing placed as the basis for a standard. > +1 > > Joseph > > On Sat, Aug 9, 2014 at 6:01 PM, Manu Sporny <msporny@digitalbazaar.com> > wrote: > > On 08/09/2014 02:25 AM, Anders Rundgren wrote: > >>> https://lists.oasis-open.org/archives/tc-announce/201408/msg00001.html > >> > >> I think OASIS should try things they have a chance succeeding with. > >> AFAIK, their stake in the client platform is close to NULL. It is sad > >> that banks don't spend a dime on genuine web tech such as WebCrypto. > >> Or VISA explaining how their "tokenization" scheme would go into > >> WebPayments. > > > > Agreed. I don't understand why the work is being done at OASIS either > > unless this is a purely insider play (meaning, the technology isn't > > meant to be used by the public, it's primarily for use in large > > enterprises). They have been successful at getting SAML adopted, so this > > wouldn't be the first time they've worked in the space. That Bank of > > America, RedHat, and Intel are taking the lead is interesting, the > > solution will most likely be colored (for better or worse) by a "big > > enterprise" palette. > > > > For those that don't want to dig deep into the documents, here's what > > they're working on: > > > > "The TC will develop the IBOPS specification to enable security systems > > to provide Identity Assertion, Role Gathering, Multi-Level Access > > Control, Assurance, and Auditing capabilities. IBOPS will define how > > software running on a client device can communicate with an > > IBOPS-enabled server. Methods for enabling security components to work > > with existing IBOPS components for integration into current operating > > environments will also be considered. An end-to-end specification > > describing the standards necessary to perform server-based enhanced > > biometric security will be created. This solution will consider > > enrollment phase, maintenance, storage, and revocation. Version 1.0 of > > the specification should be completed within 18 to 24 months of the > > first meeting. " > > > > "The TC might also develop interoperability profiles for OASIS Trust > > Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed > > appropriate by the TC." > > > > Sounds like they're biting of a great deal of stuff, much of which we've > > marked as out of scope for the credentials work because each item alone > > would take years to complete. > > > > We should track the IBOPS work closely and learn from it if they do > > something interesting. It wouldn't hurt to try and create a liason > > relationship between the Credentials CG and the IBOPS WG. > > > > -- manu > > > > [1] https://www.oasis-open.org/standards > > > > -- > > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > > Founder/CEO - Digital Bazaar, Inc. > > blog: High-Stakes Credentials and Web Login > > http://manu.sporny.org/2014/identity-credentials/ > > > >
Received on Saturday, 9 August 2014 22:55:06 UTC