W3C home > Mailing lists > Public > public-webpayments@w3.org > June 2014

Re: U2F Demo

From: Dave Lampton <dave.lampton@gmail.com>
Date: Wed, 4 Jun 2014 17:08:31 -0700
Message-ID: <CAHbN0exvgnV8QDnjMSjf+a1BboLgHCP3H5uRuPyUCsp-JG-yVA@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: David Nicol <davidnicol@gmail.com>, Herbert Snorrason <odin@anarchism.is>, Web Payments <public-webpayments@w3.org>
fwiw, I agree that OpenID is not an attractive/acceptable solution, but I
too question the wisdom of trying to architect a better identity
solution... it just seems far astride of the Web Payment topics at hand.

and just to throw in one more opinion (one that can likely be ignored, for
your current considerations)...

IMO, identity verification (authentication) *can be avoided altogether* in
many cases if (for example) the "money" (in whatever form) is digitally
"attached to" or "owned by" an account somewhere and that relationship is
simply made public.

just food for thought.



Dave Lampton
* @dave_lampton <https://twitter.com/dave_lampton>*

* DaveLampton <https://www.facebook.com/DaveLampton> +DaveLampton
<https://www.google.com/+DaveLampton>*
www.linkedin.com/in/davelampton/




On Wed, Jun 4, 2014 at 4:30 PM, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

>
>
>
> On 4 June 2014 20:19, David Nicol <davidnicol@gmail.com> wrote:
>
>>
>> On Fri, May 30, 2014 at 5:32 AM, Herbert Snorrason <odin@anarchism.is>
>> wrote:
>>
>>>
>>> > There's IMO *no point whatsoever* "reinventing" OpenID or try
>>> > competing with OpenID.
>>> Then we disagree on a pretty fundamental level. OpenID is not
>>> acceptable, nor is any protocol which grants the identity provider the
>>> same level of surveillance capability over its users. A combination of
>>> an identity scheme that allows identity providers to monitor everything
>>> and an oligopoly in identities effectively controlled by US-based
>>> corporations (which is the status quo) is especially worrisome to me.
>>> What happens when the U.S. government goes on one of its quasi-regular
>>
>>
>> I read that as "Herbert Snorrason considers an end-user-managed
>> asymmetric cryptography option for identity authentication a non-negotiable
>> acceptance criterion."
>>
>>
>>
>>
>
> How do you think Herbert Snorrason's opinion stack up to Tim
> Berners-Lee's, in your view?
>
> Is any one more important than the other's, I would be interested to learn.
>
Received on Thursday, 5 June 2014 00:08:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:31 UTC