- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 22 May 2014 16:54:08 +0200
- To: Timothy Holborn <timothy.holborn@gmail.com>
- CC: Web Payments CG <public-webpayments@w3.org>, public-rww <public-rww@w3.org>
On 2014-05-21 15:45, Timothy Holborn wrote: > Can someone confirm / deny something like https://pypi.python.org/pypi/python-u2flib-server/1.0.0 COULD be integrated into a platform such as rww.io (should sufficient developer resources be available..) > > Implicitly, other similar platforms (stample/rww-play, virtuoso, etc... ) Before someone confirms or denies anything there's a simple question to answer: Assume that you have an identity-something stored in a cookie bound to "myid.com". How can this be utilized except by the user explicitly telling sites that they have to reference "myid.com" (technically through an IFRAME published on "myid.com")? I don't see how this can be done unless the number of identity providers is very low or the user types the ___domain. For some people this is probably OK, for me it feels more like stone-age. AndersR > > Timh > Sent from my iPad > >> On 21 May 2014, at 10:33 pm, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: >> >> https://fidoalliance.org/news/item/the-fido-alliance-welcomes-visa-to-the-board-of-directors >> >> It seems that I'm not alone believing that building a payment future on passwords >> isn't going anywhere. >> >> The remaining issue is that U2F (AFAICT) doesn't address a distributed authentication >> solution without also dragging in new hassles. >> >> If VISA had tried to map U2F into 3D Secure they would have realized that U2F is >> more suited for super-providers like PayPal, Google, Alibaba, and Apple. >> >> The prospects for http://webpki.org/papers/PKI/pki-webcrypto.pdf look better >> and better. >> >> Anders >>
Received on Thursday, 22 May 2014 14:54:48 UTC