- From: Joseph Potvin <jpotvin@opman.ca>
- Date: Mon, 24 Feb 2014 06:55:17 -0500
- To: Web Payments CG <public-webpayments@w3.org>
- Cc: Michael Richardson <mcr@sandelman.ca>
Some thoughts on this topic put together here from a brief off-list conversation with Michael Richardson http://www.linkedin.com/in/mcr314

***

httpauth
http://tools.ietf.org/html/draft-ietf-httpauth-basicauth-update-00
https://tools.ietf.org/wg/httpauth/

***

The issue is that Google, Yahoo, (MS)Live, and iCloud have already segmented the market. None of these permit you to sign in to their services with OAUTH; each of them is effectively at the root of four trees.

The problem of bank/consumer security is a problem that falls between the browser vendors (who have dubious non-consumer driven, facebook-like, you-are-the-product business models), and the banks. The banks have very little incentive to standardize across them, and very little appreciation of non-microsoft platforms. The banks are among the worst offenders for being browser dependent, for requiring all manner of javascript and pop-ups, and all this crap.

Banks need to move towards clearly published APIs. Yes, they can provide a javascript client for those APIs for those that believe that javascript is secure, but they need to move away from being in that business.

W3C and IETF are standards bodies, not product development bodies. Someone still has to pay for the people's time who work on those things.

In order for people and organizations (and lawyers for same) to adopt the resulting API, it will need *assurance* in the form of a trusted third party that has assumed liability for faults. This is a case where it is appropriate for governments to be involved, and to limit liability legislatively.

If either a public sector bank regulator or the banking industry association would get involved to standardize this aspect of bank operations, then in collaboration with the banks they could design, develop and maintain some APIs, and provide some reference implementations, review them, and arrange for some form of assurance and insurance to those who used the reference implementation.
***

Joseph

On Fri, Feb 21, 2014 at 4:50 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
> On 02/18/2014 11:01 AM, Kumar McMillan wrote:
>> I wasn't on the Persona team so I can't offer much more insight than
>> what's on that wiki page.
>
> Here's some more from the Persona team. They've all been re-assigned and
> Persona will go into maintenance mode. It's not being decommissioned,
> but Mozilla is no longer putting paid engineers behind future development:
>
> https://groups.google.com/d/msg/mozilla.dev.identity/Qnxt8lmOEeo/fVtJrMDfOjMJ
>
> This decision impacts this community and the work we're doing here. I've
> reached out to Dan Callahan and offered our thanks for their work on
> Persona. It's not the end of the project, but Mozilla is not going to be
> pushing it further than it has to date. We needed new features added to
> Persona, but that work is going to have to come from the Persona or Web
> Payments community. We'll wait for the dust to settle and figure out a
> plan going forward for a login solution for Web Payments.
>
> Until then, we'll wait for Dan and the rest of the ex-Persona team to
> publish their blog post on the current status and future of the
> Persona project.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Worlds First Web Payments Workshop
> http://www.w3.org/2013/10/payments/
>

--
Joseph Potvin
Operations Manager | Gestionnaire des opérations
The Opman Company | La compagnie Opman
http://www.projectmanagementhotel.com/projects/opman-portfolio
jpotvin@opman.ca
Mobile: 819-593-5983
LinkedIn (Google short URL): http://goo.gl/Ssp56
Received on Monday, 24 February 2014 11:56:06 UTC