W3C home > Mailing lists > Public > public-webpayments@w3.org > March 2014

Re: Web Identity spec renamed to Identity Credentials

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 17 Mar 2014 18:11:39 -0400
Message-ID: <5327731B.5020407@openlinksw.com>
To: public-webpayments@w3.org
On 3/17/14 3:28 AM, Anders Rundgren wrote:
> On 2014-03-16 19:59, Manu Sporny wrote:
>> The poll to rename the Web Identity spec closed Friday night at midnight
>> ET. Here are the poll results after they're combined w/ Kingsley and
>> Michael's mailing-list based suggestions:
>>
>> Web Credentials           3
>> Identity Credentials     15
>> Open Credentials          1
>> Verified Credentials      1
>> Web Identity Credentials  1
>>
>> The details are attached as a PDF summary of the poll and a CSV file
>> outlining each vote. The website and specification title have been
>> updated to match the consensus reached via the poll:
>>
>> https://github.com/web-payments/web-payments.org/commit/0c0f8bdc2ab2dedabd60149f7801ea3e2abd1a72
> Google's handling of U2F which is about the only innovative web security solution
> introduced the last 15 years says it all:  Standardization processes do not generally
> work well when combined with innovation.  It simply gets too fuzzy.
>
> Successful standardization rather builds on _established_ technology or concepts.
>
> If you really want to do something in client authentication you need: 1) a new process,
> 2) an early buy-in from a major platform vendor.  Since none of that is likely
> to happen, the second best option is making the payment standard-to-be _agnostic_
> to the authentication method.
>
> I expect this message to be ignored, Naysayers are quite unpopular, right?
>
> Anders

Anders,

+1

It has to be authentication protocol agnostic. This applies to both Web 
Payments and WebID community groups. For instance, in the WebID 
community group, a WebID (HTTP URI that denotes an Agent) has been 
decoupled from WebID+TLS which is the authentication protocol that 
performs the Linked Data lookup of certificate claims in a profile 
document dereferenced from the WebID in a certs. SAN etc..

Kingsley

>
> PS
> That Mozilla's key-generation utility haven't improved since 1995 is IMO another
> sign of that this space is close to immune to innovation.  Their soft token scheme
> doesn't even feature PIN-codes which is a standard feature in banking.
> Note: Mozilla is "in good company", this is just an example.
> DS
>
>> -- manu
>>
>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen






Received on Monday, 17 March 2014 22:12:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:28 UTC