- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 29 May 2014 23:13:04 +0200
- To: Herbert Snorrason <odin@anarchism.is>, public-webpayments@w3.org
On 2014-05-29 21:38, Herbert Snorrason wrote: > On mið 28.maí 2014 17:12, Anders Rundgren wrote: >> A "funny" thing is that the current U2F specification squarely >> matches the needs of WebPayments and WebID due to U2F's SOP-based >> trust model. > What's the first factor? The demo describes quite well what U2F does, and how. > > If U2F is "ubiquitous second factor", you still need the first factor to > log in. Not to mention the identity itself. So the best-case scenario > here is that U2F helps fill into the immediate "how do I log in" > question - but the question we've been talking the most about is "how do > we make identity information shareable in a standard way". > > Flatly, I don't see how anything in either WebID or Identity Credentials > clashes with the use of U2F. Sure, both specify their own, distinct, > authentication mechanisms - but the identity management aspects are > pretty clearly distinct, focus on issues that it appears to me U2F does > not, and _do not mandate the use of the authentication mechanism_. > > So what's the issue, exactly? That the WebID and WebPayments groups (unlike the mentioned bunch of mega-corporations who put their money on U2F), do not have a useful and strong client-authentication mechanism. Using U2F would be cool but I don't see how that could work. If you do, I suggest writing a short paper showing how so we have something concrete to talk about. > Apart from the fact that differences > between WebID and Identity Credentials are non-existent aside from the > fact that one is specified in terms of RDF and the other is specified in > terms of JSON and uses JSON-LD to map that to RDF? > > With greetings, > Herbert Snorrason Anders
Received on Thursday, 29 May 2014 21:13:40 UTC