Re: Decentralized/Secure/Convenient WebPayments - Based on EXISTING Standards

On 2015-02-16 19:27, Kingsley Idehen wrote:
> On 2/13/15 3:19 AM, Anders Rundgren wrote:
>> http://webpki.org/papers/decentralized-payments.pdf
>>
>> InformationCards is a brilliant concept invented by Microsoft years ago which, though, never caught on.
>>
>> 3D Secure is a rather unpopular (but principally very interesting) system created by VISA and MasterCard during the late '90s.
>>
>> Combining these schemes in one and supplying them on a modern mobile platform makes a huge difference.
>>
>> It's time for "Resurrection"!
>>
>> Anders
>>
>>
>>
>
> "
>
>
>     Relying on a Personal Information Card
>
> Given that information in Personal Information Cards is all self-asserted by the user, the question is, "How can a Web site rely on any of the information contained in the card?" In the same way that Web sites currently accept information that the user types into forms, Web sites can accept information from Personal Information Cards with the same level of trust.
>
> Each Personal Information Card is created with a Master Key, which is a string of random data. When the user selects a card that represents the data to send to a site, data from the site's certificate and the master key is used to generate two features for that association: the "private personal identifier" (PPID) claim and the public/private key-pair used for signing. The PPID claim can be requested by the relying party like any other claim (with its URI).
>
> To be able to rely on the card as a form of authentication, the site can use the public key and the PPID of a Personal Information Card to generate a unique identifier, for use instead of using a user name and password to identify the user. Typically this can be done using a simple hash algorithm of the concatenation of public key and the PPID. Because re-creating a card will also generate a new Master Key, regardless of entering the same data in the claims, two Personal Information Cards will not be recognized as equal.
> "
>
> Excerpted from: https://msdn.microsoft.com/en-us/library/vstudio/aa347717%28v=vs.90%29.aspx .
>
> You like that, but you struggle to understand an open standards variant based on HTTP URIs and profile documents, comprised of content also created using open standards?
>
> ???

This proposal borrows what I think were the great things with InformationCards which are:
- the card metaphor
- a key
- URL to the home-base

The key may be a standard X.509 certificate.

The other parts including claims attributes and WS* have not been used since they have no use for payments.

It is indeed different to linked data and profile documents but payments and ID are different.

Anders

> -- 
> Regards,
>
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Monday, 16 February 2015 19:19:31 UTC
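
The scheme in the MSDN excerpt quoted in this message, as an added example that is not part of the original thread and is not Microsoft's code: a card's Master Key plus data from the site's certificate yields a per-site PPID and key, and the relying party hashes public key and PPID into an account identifier. The HMAC-SHA256 derivation, the stand-in public key bytes, the function names and the sample certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def new_master_key() -> bytes:
    # A card's Master Key is random data; re-creating a card yields a new one.
    return secrets.token_bytes(32)


def derive_for_site(master_key: bytes, site_cert: bytes):
    """Card side: derive (public_key, ppid) for one card/site association.

    Assumptions: HMAC-SHA256 with separate labels replaces the real
    derivation, and public_key is opaque stand-in bytes rather than a real
    key pair generated from the seed.
    """
    site_id = hashlib.sha256(site_cert).digest()
    ppid = hmac.new(master_key, b"ppid|" + site_id, hashlib.sha256).digest()
    seed = hmac.new(master_key, b"key|" + site_id, hashlib.sha256).digest()
    public_key = hashlib.sha256(b"pub|" + seed).digest()
    return public_key, ppid


def account_id(public_key: bytes, ppid: bytes) -> str:
    # Relying-party side: hash of the public key concatenated with the PPID.
    # Both inputs are fixed-length here, so the concatenation is unambiguous.
    return hashlib.sha256(public_key + ppid).hexdigest()


def demo() -> dict:
    # Constructed certificate bytes for two hypothetical sites.
    shop, bank = b"constructed shop certificate", b"constructed bank certificate"
    card, recreated = new_master_key(), new_master_key()
    at_shop = account_id(*derive_for_site(card, shop))
    return {
        "stable_per_site": at_shop == account_id(*derive_for_site(card, shop)),
        "unlinkable_across_sites": at_shop != account_id(*derive_for_site(card, bank)),
        "recreated_card_differs": at_shop != account_id(*derive_for_site(recreated, shop)),
    }


if __name__ == "__main__":
    print(demo())
```
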