Re: Strong authentication for PayPal versus WebPayments

On 2014-05-13 01:09, Timothy Holborn wrote:
>
> On 13 May 2014, at 8:30 am, Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
>>
>>
>>
>> On 13 May 2014 00:03, David Nicol <davidnicol@gmail.com> wrote:
>>
>>
>>
>>
>>     On Mon, May 12, 2014 at 12:11 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>
>>         NASCAR isn't necessarily a problem for end-users. This is more of a problem for programmers that have to write code for different authentication protocols. We have to keep these concerns loosely coupled.
>>
>>
>>
>>     it's easy to imagine an intermediary who vets identity providers and publishes a resource that identity consumers reference to easily throw up a block of logos of approved providers. Do such not already exist? Businesswise, there are marketing and business-model problems, but it's a low-hanging fruit. "We address the NASCAR problem so you don't have to" could be the slogan.
>>
>>
>> I very much doubt it will go this way.  More likely you'll see certification for a price.  This was attempted to be rolled out with the original Microsoft Passport.  It used to cost (I think) $50,000 to be approved to Passport, and there was a time when I thought that was just the way it was going to be, in fact I considered saving up the money.
>>
> Very early days of web apps...
>
> I imagine some of the "special Id check" systems providers, especially where it's useful to lower fraud related issues...
>
>> Then OpenID came along, and promised more decentralized identity and it resonated with the community.  Tho I suspect the OpenID foundation are probably going to go down the IdP certification route again with tiered pricing, we will see.
>>
>> Centralization in identity is perhaps an undesirable avenue for the web to go down, which is why I like WebID, it's totally decentralized.  I actually think one of the roles of government is to be an IdP, in fact they already offer passports.  They have been historically good in this role, and I hope it becomes a shared benefit of being a citizen, rather than a cost.
> Hehe.  +1 ; well put.


Personally (and with 15Y+ experience with government eID programs), I believe this group is widely
exaggerating governments' interest in the open web as well as the other parties' acceptance of
government IDs.  The latter may sound strange since we (generally) already do that but there's
an important limitation: Government IDs have to date only been extensively used by the private
sector for F2F identification.

Regarding OpenID as the foundation for commercial IdPs, I haven't heard about any such program.
Commercial IdPs currently only work in highly local markets and they all have unique technical
solutions.  They usually depend on the RP (Relying Party) to pay so their scalability is zero.

It has BTW turned out to be very hard getting commercial RPs on board.  In the rare case they
need vetted IDs, they rather issue such on their own (my project FWIW is very much based on
making this realistic for any organization).

Going back to the subject line the fact remains:  Centralized services like Amazon, Google,
Alibaba, Apple, Facebook, PayPal, etc. have [essentially] ALL THE MONEY.

Advocates for the distributed web have either [close to] NO MONEY and/or are HIGHLY DIVIDED and
are therefore unable to create the technology which IMO is needed to compete with the former bunch.
Not even Mozilla ("the peoples' browser") is really interested in challenging the centralized
vision for the obvious reason that decentralized services are still mainly a pipe dream.

I'm a true supporter of the distributed web but do not believe it can be successfully built
on top of a platform which was originally designed to render HTML pages in a distributed
fashion.  Distributed services need more, in fact, MUCH MORE.

I have yet to see a structured discussion on requirements. It is more like political statements,
"minor UI issues that vendors will fix", "linked data addresses NASCAR", "we can use any auth method".

That standards are about openness and interoperability is a nice theory, IMO it is rather
another way of screwing the competition (including extending the reach of your services).
In the eyes of the market Windows is a standard.

Anders

Received on Tuesday, 13 May 2014 05:45:18 UTC