- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 11 Sep 2014 05:50:51 -0700
- To: Web Payments CG <public-webpayments@w3.org>

Although it may be a bit early to review a conference before it is over, I believe that I can tell with confidence that the FIDO and WebCrypto folks are not particularly into the distributed (but interconnected) web. They rather emphasize that replacing userid/passwords is their main goal and that privacy requires that you have a unique relationship (key-wise) with each domain.

Mozilla and Google show no interest in the existing (and in Europe and Asia relatively successful) eID use-cases where you indeed can use the same credential on multiple sites. This is a problem since these implementations rely on browser plugins which soon will be "outlawed", which has forced (for example) the banks in Sweden to switch to native applications to cope with this issue.

I'm personally moderately convinced that WebCrypto and FIDO actually address privacy (except on paper) because it is basically impossible to do anything serious on the web without having a validated e-mail address, which means that service providers get a Globally Unique (fairly) Static ID which also is Searchable and is Exposed in communication with other people. That is, the NSA and other spying entities already have the perfect electronic handle to individuals.

In reality FIDO will rather strengthen the super-providers' offers since FIDO doesn't support an improved payment system for a distributed set of banks of the kind I'm targeting. The user-experience for such a use-case is, simply put, very bad while Apple, Google and PayPal will look both wonderful and be secure.

Anders

Received on Thursday, 11 September 2014 12:51:27 UTC