Re: VISA => U2F

On 2014-05-21 15:45, Timothy Holborn wrote:
> Can someone confirm / deny something like https://pypi.python.org/pypi/python-u2flib-server/1.0.0 COULD be integrated into a platform such as rww.io (should sufficient developer resources be available..)
>
> Implicitly, other similar platforms (stample/rww-play, virtuoso, etc...  )

Before someone confirms or denies anything there's a simple question to answer:

Assume that you have an identity-something stored in a cookie bound to "myid.com".

How can this be utilized except by the user explicitly telling sites
that they have to reference "myid.com" (technically through an IFRAME
published on "myid.com")?

I don't see how this can be done unless the number of identity providers is
very low or the user types the domain.  For some people this is probably
OK, for me it feels more like stone-age.

AndersR


>
> Timh
> Sent from my iPad
>
>> On 21 May 2014, at 10:33 pm, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>>
>> https://fidoalliance.org/news/item/the-fido-alliance-welcomes-visa-to-the-board-of-directors
>>
>> It seems that I'm not alone believing that building a payment future on passwords
>> isn't going anywhere.
>>
>> The remaining issue is that U2F (AFAICT) doesn't address a distributed authentication
>> solution without also dragging in new hassles.
>>
>> If VISA had tried to map U2F into 3D Secure they would have realized that U2F is
>> more suited for super-providers like PayPal, Google, Alibaba, and Apple.
>>
>> The prospects for http://webpki.org/papers/PKI/pki-webcrypto.pdf look better
>> and better.
>>
>> Anders
>>

Received on Thursday, 22 May 2014 14:54:50 UTC