- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 07 May 2014 18:54:02 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>, public-webpayments@w3.org
On 2014-05-07 18:33, Manu Sporny wrote: > On 05/07/2014 04:23 AM, Anders Rundgren wrote: >> On 2014-05-07 10:02, Timothy Holborn wrote: >>> I've found server-side source for u2f. >>> >>> Therefore, I imagine it could be packaged with a cloud-storage >>> service (like rww.io) >> >> Yes, U2F will work fine if we limit ourselves to 2-3 identity >> providers. In that case Google and Facebook remain the only viable >> alternatives which I don't think was the goal for WebPayments, WebID >> or any other web-system based on decentralization. > > Anders, assume that most of us know next to nothing about U2F. :) Manu, NP :-) > Why will U2F only work for 2-3 identity providers? A certificate using HTTPS Client Cert Auth like in WebID-TLS can be used for login to any properly setup site, right? U2F, OTOH, presumes (for privacy reasons) a unique public key for each domain/site enforced by SOP. Getting around that feature/limitation isn't my cup of tea. > I'm assuming that it's going to be for the same reasons that OpenID > Connect is probably only going to work for 2-3 identity providers. Yes, that's exactly the right comparison. anders > > -- manu >
Received on Wednesday, 7 May 2014 16:54:39 UTC