Re: Decentralized/Secure/Convenient WebPayments - Based on EXISTING Standards

On 2/13/15 3:19 AM, Anders Rundgren wrote:
> http://webpki.org/papers/decentralized-payments.pdf
>
> InformationCards is a brilliant concept invented by Microsoft years 
> ago which, though, never caught on.
>
> 3D Secure is a rather unpopular (but principally very interesting) 
> system created by VISA and MasterCard during the late '90s.
>
> Combining these schemes in one and supplying them on a modern mobile 
> platform makes a huge difference.
>
> It's time for "Resurrection"!
>
> Anders
>
>
>

"


    Relying on a Personal Information Card

Given that information in Personal Information Cards is all 
self-asserted by the user, the question is, "How can a Web site rely on 
any of the information contained in the card?" In the same way that Web 
sites currently accept information that the user types into forms, Web 
sites can accept information from Personal Information Cards with the 
same level of trust.

Each Personal Information Card is created with a Master Key, which is a 
string of random data. When the user selects a card that represents the 
data to send to a site, data from the site's certificate and the master 
key is used to generate two features for that association: the "private 
personal identifier" (PPID) claim and the public/private key-pair used 
for signing. The PPID claim can be requested by the relying party like 
any other claim (with its URI).

To be able to rely on the card as a form of authentication, the site can 
use the public key and the PPID of a Personal Information Card to 
generate a unique identifier, for use instead of using a user name and 
password to identify the user. Typically this can be done using a simple 
hash algorithm of the concatenation of public key and the PPID. Because 
re-creating a card will also generate a new Master Key, regardless of 
entering the same data in the claims, two Personal Information Cards 
will not be recognized as equal.
"

Excerpted from: https://msdn.microsoft.com/en-us/library/vstudio/aa347717%28v=vs.90%29.aspx

You like that, but you struggle to understand an open standards variant 
based on HTTP URIs and profile documents, comprised of content also 
created using open standards?

???

-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Monday, 16 February 2015 18:28:11 UTC
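
An added illustration of the MSDN excerpt quoted in the message above, not code from the thread or from Microsoft: a relying party derives its account identifier by hashing the card's public key and PPID. The card-side derivation is a simplified stand-in (HMAC-SHA256 over constructed certificate bytes, with opaque bytes in place of a real public key); the function names and the length-prefixed encoding are assumptions of this sketch.

```python
import hashlib
import hmac
import os


def card_derive(master_key, site_cert):
    """Card side (stand-in): derive (ppid, public_key) for one card/site pair.

    Assumption: HMAC-SHA256 keyed with the master key replaces the real
    derivation, and the "public key" is opaque bytes rather than the public
    half of an actual signing key pair.
    """
    ppid = hmac.new(master_key, b"ppid|" + site_cert, hashlib.sha256).digest()
    public_key = hmac.new(master_key, b"key|" + site_cert, hashlib.sha256).digest()
    return ppid, public_key


def rp_user_id(public_key, ppid):
    """Relying-party side: hash of public key and PPID, used as the account id.

    Each field is length-prefixed so that two different (key, PPID) pairs can
    never produce the same byte string before hashing. The relying party is
    assumed to have verified the token signature with public_key already.
    """
    h = hashlib.sha256()
    for field in (public_key, ppid):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


def demo():
    # Constructed sample inputs: two sites, one card, and the same card re-created.
    site_a = b"constructed certificate bytes for shop.example"
    site_b = b"constructed certificate bytes for bank.example"
    card = os.urandom(32)        # master key of the original card
    recreated = os.urandom(32)   # re-creating the card yields a new master key
    id_a = rp_user_id(*reversed(card_derive(card, site_a)))
    return {
        "stable_for_same_card_and_site": id_a == rp_user_id(*reversed(card_derive(card, site_a))),
        "differs_across_sites": id_a != rp_user_id(*reversed(card_derive(card, site_b))),
        "differs_after_recreation": id_a != rp_user_id(*reversed(card_derive(recreated, site_a))),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(check, ok)
```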