[Openid-specs-ab] SIOP and webauthn

Nikos Fotiou fotiou at aueb.gr
Sat Mar 11 18:13:44 UTC 2023 

This is  a great piece of information. Thanks 

> 11 Μαρ 2023, 7:49 μμ, ο χρήστης «John Bradley <jbradley at icloud.com>» έγραψε:
> 
> OpenID Connect (OpenID Artifact binding) was developed from about 2008 to finalization in 2014
> SIOP was based on infoCard as applied to the Connect redirect protocol.  
> 
> Between 2011 and 2012 Google and Yubico developed a private specification for security keys “gnubby” to stop phishing of Google employees.  This was contributed to Fido as U2F in 2013.
> 
> They were both inspired by previous standards where a public key was trusted upon first use, however they had quite different constraints.  
> 
> U2F had to work on a tiny NXP secure element over NFC and USB.
> 
> In the future with wallet API there may be more alignment between the specifications.
> 
> However I wouldn’t say that OpenID came first and Fido ignored it.   They were developed in parallel around the same time.  
> 
> John B. 
> 
> 
> Sent from my iPhone
> 
>> On Mar 11, 2023, at 7:45 AM, Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>> 
>> Hi,
>> 
>> I have a question which is related to politics and standardization history.
>> 
>> I believe that SIOP (as defined in openid connect core) could have been used instead of WebAuthn. A combination of SIOP+ctap (rather than WebAuthn+ctap) would have more chances of getting adopted. So I was wondering how we came up with yet another API instead of adding support for SIOP to browsers. Did this ever occur as a possibility?
>> 
>> Best,
>> Nikos
>> 
>> --
>> Nikos Fotiou - https://www2.aueb.gr/users/fotiou/
>> Researcher - Mobile Multimedia Laboratory
>> Athens University of Economics and Business
>> https://mm.aueb.gr
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2937 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230311/3971573a/attachment.p7s>

More information about the Openid-specs-ab mailing list