The problem today is that no agreed set of standards exists. We have widely disparate views of what these should be. Everybody has their own favourites. In one camp, we have people who believe the future is a completely new set of digital identity technologies: blockchains, DIDs, new cryptographic algorithms, and the DIDComm protocol stack (which is really little more than S/MIME with onion routing), and those like myself who believe we should build the verifiable credential digital identity eco-system on today’s existing ubiquitous standardised protocols and cryptography, such as X.509, OpenID Connect, W3C Web Authentication (FIDO2) and JWTs.


More

What is a passkey? Why Apple is betting on password-free tech

The digital realm has long struggled with the vulnerabilities inherent in password-based authentication systems. With…

Read More →

The Register: AWS is pushing ahead with MFA for privileged accounts. What that means for you.

AWS is making multi-factor authentication (MFA) mandatory for privileged users, specifically management account root users…

Read More →

IT Brew: FIDO Alliance announces identity-proofing certification

FIDO’s Face Verification Certification tests for security, liveness, and bias in remote identity verification technology…

Read More →


123248 Next