undefined | Better HN

0 pointsdane-pgp3y ago0 comments

Thanks for the reply. I hadn't realised that SIOP has been around for a long time, but I'm pleased that Microsoft and others still seem to be working on it (the most recent draft was published last month).

That's an interesting point about the 'openid:' scheme. Are you worried about someone having a use case where they want two separate wallet apps installed at the same time on their phone (rather than one app that can support multiple identities)?

Or is the concern more that someone might install a (seemingly unrelated) second app which surreptitiously hijacks the scheme and spoofs the interface of the existing app, to trick people into... revealing which sites they have accounts on? (The second app wouldn't be able to steal the keys from the first one, right?)

Anyway, it's good that multiple approaches are being attempted to solve the vital problem of decentralised identity, and I look forward to seeing how much adoption Hellō gets.

0 comments

1 comments · 1 top-level

dickhardt3y ago

The second point is more concerning.

A related point is that it only works if the user already has a wallet installed that is listening on "openid:". "mailto:" and "tel:" work on a phone since there is an email and phone app on all phones by default.

This is a classic chicken and egg problem. Why would a developer use "openid:" if there are few, if any users, and why would a user install a wallet for "openid:" if there are no apps.

Thanks for your encouragement! ... would love any other feedback you have.

We believe Hellō is SSI (Self Sovereign Identity) -- decentralized approaches are one way to approach -- a distributed centralized approach like Hellō is another way that is more pragmatic.

j / k navigate · click thread line to collapse