- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 16 Feb 2014 12:26:25 +0100
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Web Payments <public-webpayments@w3.org>, Brian Smith <brian@briansmith.org>
- Message-ID: <CAKaEYhLDFr6GFU5e3-WURCiphFz0WDqBkcpH-gMq9KBbaArZUA@mail.gmail.com>
On 16 February 2014 07:09, Anders Rundgren <anders.rundgren.net@gmail.com>wrote: > Thanx for posting this Manu, I was just planning to do that! > Now to the analysis... > > Since I have been into this for about 15 years, I have a slightly > different perspective > than Mozilla. > > In the EU consumer-PKI is fairly popular since a decade back. Half of the > Swedish population have digital certificates that they use for login, > signing > at public sector portals and on-line banks. > > NONE, ABSOLUTELY NONE of the solutions build on the browser PKI client > supplied > by Mozilla, Apple, Microsoft or Google. This has been even more the case > for > mobile banking which is getting main-stream. > > Now to the (not so) funny part: Each time I mention this EASY TO VERIFY > FACT, > product management and engineering totally frown and consider me a true > b****s. > > Microsoft once tried something even more ambitious than Persona (and > actually quite cool), > called "Information Cards" which they claimed to be a solution for banks > (and many others). > I said early on that IT DOES NOT match banks' requirements and that they > were building > something on top of a platform which wasn't "bank-ready". IMHO the same > goes for Persona. > > Google is the only vendor who have managed creating a full stack with > their U2F > solution. Well, it is pushed by the FIDO alliance but it started at > Google. > > http://fidoalliance.org/specifications/download > +1 Actually I liked Mozilla's original design for their identity system much better: http://www.azarask.in/blog/post/identity-in-the-browser-firefox/ > > Anders > > On 2014-02-15 20:57, Manu Sporny wrote: > > Of interest to this group since we were counting on Persona being one of > > the login solutions that we'd use to transmit richer customer data to > > merchants (primarily payment processor and address information): > > > > https://wiki.mozilla.org/Identity/Persona_AAR > > > > Of particular interest: > > > > """ > > What did we learn? > > > > Persona should be pared down to its core: a decentralized email > > verification and login API for the web. No more session management, no > > attribute exchange. > > > > Persona should be built natively into Firefox, Fennec and Firefox OS to > > make the JavaScript shim unnecessary on these platforms. The base > > functionality should be cross-browser, but the experience should be > > optimized for the native platforms. > > > > Sites should control most of the user flow and Persona should be almost > > invisible to users. > > > > Sites should be able to offer these benefits to their users with a > > native UA implementation: better UX, reduced login friction and phishing > > protection. > > """ > > > > In related news, Lloyd H. has left Mozilla. With the departure of Ben > > Adida last year, I'm wondering who's taking over the project. From what > > I gather both Ben and Lloyd started the work... wonder who is going to > > finish the work and how it's going to get finished. Thoughts, Kumar? > > > > -- manu > > > > >
Received on Sunday, 16 February 2014 11:26:54 UTC