- From: Timothy Holborn <timothy.holborn@gmail.com>
- Date: Sun, 10 Aug 2014 16:46:08 +1000
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: "public-webpayments@w3.org" <public-webpayments@w3.org>
> On 10 Aug 2014, at 8:01 am, Manu Sporny <msporny@digitalbazaar.com> wrote: > > On 08/09/2014 02:25 AM, Anders Rundgren wrote: >>> https://lists.oasis-open.org/archives/tc-announce/201408/msg00001.html >> >> I think OASIS should try things they have a chance succeeding with. >> AFAIK, their stake in the client platform is close to NULL. It is sad >> that banks don't spend a dime on genuine web tech such as WebCrypto. >> Or VISA explaining how their "tokenization" scheme would go into >> WebPayments. > > Agreed. I don't understand why the work is being done at OASIS either > unless this is a purely insider play (meaning, the technology isn't > meant to be used by the public, it's primarily for use in large > enterprises). They have been successful at getting SAML adopted, so this > wouldn't be the first time they've worked in the space. That Bank of > America, RedHat, and Intel are taking the lead is interesting, the > solution will most likely be colored (for better or worse) by a "big > enterprise" palette. > Why don't you call them and ask? > For those that don't want to dig deep into the documents, here's what > they're working on: > > "The TC will develop the IBOPS specification to enable security systems > to provide Identity Assertion, Role Gathering, Multi-Level Access > Control, Assurance, and Auditing capabilities. IBOPS will define how > software running on a client device can communicate with an > IBOPS-enabled server. Methods for enabling security components to work > with existing IBOPS components for integration into current operating > environments will also be considered. An end-to-end specification > describing the standards necessary to perform server-based enhanced > biometric security will be created. This solution will consider > enrollment phase, maintenance, storage, and revocation. Version 1.0 of > the specification should be completed within 18 to 24 months of the > first meeting. " > > "The TC might also develop interoperability profiles for OASIS Trust > Elevation Protocol, FIDO, SAML, Open ID Connect and OAuth if deemed > appropriate by the TC." > > Sounds like they're biting of a great deal of stuff, much of which we've > marked as out of scope for the credentials work because each item alone > would take years to complete. > Funding / operational assumptions therein I'm guessing?? > We should track the IBOPS work closely and learn from it if they do > something interesting. It wouldn't hurt to try and create a liason > relationship between the Credentials CG and the IBOPS WG. > +1 > -- manu > > [1] https://www.oasis-open.org/standards > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: High-Stakes Credentials and Web Login > http://manu.sporny.org/2014/identity-credentials/ >
Received on Sunday, 10 August 2014 06:46:42 UTC