Linux Foundation Europe Launches OpenWallet Foundation To Power Interoperable Digital Wallets (techcrunch.com) 23
The Linux Foundation's European off-shoot has formally launched the OpenWallet Foundation (OWF), a new collaborative effort designed to support interoperability between digital wallets through open source software. From a report: The launch comes some five months after the Linux Foundation first revealed plans to set up the OWF, shortly before it spun out a region-specific entity called the Linux Foundation Europe which is where the OWF will now officially reside. While the likes of PayPal, Google, and Apple are among the most recognized digital wallet providers, allowing consumers to conduct financial transactions in-store or online, digital wallets are increasingly being used to store all manner of virtual goods from student ID to driving licenses. On top of that, burgeoning technologies such as the metaverse and crypto are giving rise to greater use-cases for digital wallets.
But one thing all these various environments have in common is that the incumbent digital wallets, for the most part, don't play nicely with each other: an Apple Pay die-hard can't send money to their Google Pay brethren. And that is why the OWF is setting out to create an "open source engine" that can power interoperable digital wallets across myriad use-cases including identity, payments, and storing personal credentials such as employment and education certification.
But one thing all these various environments have in common is that the incumbent digital wallets, for the most part, don't play nicely with each other: an Apple Pay die-hard can't send money to their Google Pay brethren. And that is why the OWF is setting out to create an "open source engine" that can power interoperable digital wallets across myriad use-cases including identity, payments, and storing personal credentials such as employment and education certification.
Would you really keep ID in a phone wallet? (Score:3)
I would not keep ANYTHING I had to unlock a phone for....that I might have to surrender to authorities on my phone.
Heck, even if it just displayed on front screen, I would not do it, I do not want to voluntarily for any reason hand my phone over to cops or other authorities...that just seems in that action you are giving up on your 4th Amendment and possibly other rights by that action alone.
Yes, I'm talking about this in the US, not Europe....
But more broadly, do any of you out there keep ID and other documents you have to show to authorities on your phone and if so....why?
Re: (Score:3)
" do any of you out there keep ID and other documents you have to show to authorities on your phone and if so....why?"
Yes. I don't have a digital drivers license, it's not offered where i am, but i do have pictures of it in "knox" as a backup in case my wallet is lost or stolen (they aren't legally valid of course but can still make life less inconvenient to have them), and i do use the digital wallet for a credit card.
".that just seems in that action you are giving up on your 4th Amendment and possibly oth
Re: (Score:2)
Firstly I seriously doubt any court would ever be convinced that presenting your drivers license as required in a routine interaction with LEO, but in electronic format, would constitute any sort of consent to a general search of the entire phone. I expect the police would still require separate explicit consent or a warrant.
On the iPhone, any card in your Wallet (including, I assume, a digital drivers license) can be presented without unlocking the phone. For credit/debit cards, you do have to authenticate to complete the purchase (e.g. TouchID, FaceID, Passcode) - but doing so still doesn't unlock the phone.
I would guess it's the same with Google's or Samsung's wallet apps.
Re: (Score:2)
But, in doing so in front of them, does that not give them evidence there that you CAN unlock the phone, and if compelled to, you lose that defense.
Or, if you are using a passcode and they capture you punching it in via
Re: (Score:3)
Lately ticket reservations are on it for a local membership because I got tired of printing them out, but without my physical drivers license they won't be accepted even if someone steals the phone. Why anyone would care about the photo of my covid vax card I also have no idea. Drivers
Re: (Score:2)
But I'm not some dancing finger socialite. I use it for what a phone used to be used for.
Let me get this straight... you have an astoundingly powerful pocket computer with a high speed radio modem and you use it to send meat flapping sounds to other meatbags. Nerds used phones for sending data.
Could use a passkey implementation too (Score:4, Interesting)
Open Source really needs an open equivalent to Apple/Google/Microsoft passkey solutions. Passkey's an sich are just U2F/FIDO2 resident keys, but what Apple&co are adding is cloud backup and syncing. One of the usability problems with U2F has been the need to register multiple keys if you want redundancy, passkeys remove that by allowing backup/sync (or to put it in less politically correct terms, cloning, probably best not use that term if you want level 2 certification from FIDO).
I don't see any use in app implementation though. The secure parts of Google/Apple wallets and passkey solutions run in secure enclaves, not as pure apps. You can make an open source equivalent, but it will need dedicated hardware or the security will be way too weak. Something credit card sized with a finger print sensor, NFC and BLE? Just having source code and no usable reference implementation is going to go absolutely nowhere, this needs to be a software+hardware project.
Re: (Score:2)
Unfortunately, having an extra device is considered unreasonably onerous, and the 'trusted execution environments' generally are only 'trusted' by being explicitly closed.
Assuming you did have a standalone device implementing things the way you want, then you have the rather large obstacle of whether the target authentication site requires device attestation of a 'trusted manufacturer'. In fact, despite most all android phones nowadays providing FIDO, a number of places will *only* support iPhone and Samsu
Re: (Score:2)
In fact, despite most all android phones nowadays providing FIDO, a number of places will *only* support iPhone and Samsung signing keys.
Do they only provide iPhone/Samsung signing keys, or are Apple and Samsung the only phones with level 2/3 FIDO certification? An open source solution could probably get level 2/3 certification if the hardware supports attestation, you would not be able to use modified firmware but it could still be open source.
Once you have an open external solution, you can make a minified USB solution which can be included by laptop/phone manufacturers.
It seems the Linux Foundation is just going to push paper though ... f
Re: (Score:2)
As in there are attestation certificates and some only bother to trust Apple/Samsung. Webauthn provided an 'attestation' feature so that an authentication implementation can opt only to trust a specific device (e.g. you want to open up your MFA to Yubikey, but you don't want phones to be able to use the service, then you get Yubikey attestation certificates only). There are many security teams that see some optional feature and decide that it *must* be enabled somehow, and will take any chance to inflict
Force it at the Point of Sale (Score:3)
Your wallet should support the places you shop, not shop the places your wallet allows.
Some very strong government needs to drop the hammer on digital payments and require that all be interoperable at any point of sale that accepts digital payment and registered/legal businesses may not enter into exclusive payment type agreements. That way it doesn't matter what digital wallet is on your shiny new widget as long is it support EU Pay, US Pay etc.
I'm Old But... (Score:3)
Re:I'm Old But... (Score:4, Interesting)
less likelier to be with me than my wallet.
There's the trend that is opposite of where a lot of folks want to be. Once upon a time, you had a wallet with cash, driver's license, *maybe* ATM cards/credit cards, and a whole bunch of jangly keys. Your wallet is 'one' item, but it's really just a bunch of individual things to wrangle, and high chance of accidentally yanking out a card you didn't mean to and losing it.
Now we have cars and home locks that can use phone instead of keys, eliminating need to carry around keys. Digital payments and ID mean no wallet. Some find the concept appealing of just having the one device. Sure it's more bulky than a single credit card, but the act of pulling out an as-bulky or bulkier wallet, then extracting the card is generally more trouble than phone. That's assuming your phone is put away, likely your phone is already out for other reasons.
For security, the current crop of credit cards are *way* higher risk than the way phone payments work. The cards still have the numbers visible and mag stripes that give out 'shared secret' freely. The chip/nfc is more like phone, a private key is kept private and the point of sale is never given anything that it could use freely. A credit card without magstripe or printed numbers can be more credibly secure, though more likely to be lost without noticing than a phone. The phones always pay without divulging account numbers.
Re: (Score:2)
What I find fascinating is that many people who claim they would have range anxiety using an EV don't have battery anxiety with everything on their phone...
Every single time I go somewhere that absolutely requires interaction with my phone, I dread that an app will go bonkers and drain the battery before I get there. It needn't even be an app: just standing in a really unfortunate place where the GSM keeps jumping from tower to tower is enough to see a hit.
Re: (Score:2)
Re: (Score:2)
I'm not sure I want to have that discussion with the clerk at the grocery store, the machine allowing me entrance to the metro, the train conductor wanting to see my ticket, the policeman unhappily saying 'license and registration please' ...
Re: (Score:2)
Every single time I go somewhere that absolutely requires interaction with my phone
This is an experience I have never had. Nobody I do business with needs me to have a phone there.
I'm having a hard time thinking of something that would work like that.
I remember reading that Qatar was requiring smartphones for the World Cup, and thinking how bonkers that was.
Re: (Score:2)
Some find the concept appealing of just having the one device.
They are also braver than I am for sure! I have had phones run out of charge, though I dare say I would be much more careful if more depended on it. I've also had a phone flat out die on me in an airport (yay). They're also fragile. I had some arsehole barge into me and bash my phone out of my hand. It somehow managed to hit something on the platform while avoiding the phone protector and smashed up the screen to the point where the touch control
Seems like a weak argument (Score:3)
"But one thing all these various environments have in common is that the incumbent digital wallets, for the most part, don't play nicely with each other: an Apple Pay die-hard can't send money to their Google Pay brethren. And that is why the OWF is setting out to create an "open source engine" that can power interoperable digital wallets across myriad use-cases including identity, payments, and storing personal credentials such as employment and education certification."
Do any significant percentage of people actually keep money in their Apple or Google wallets rather than the bank? Because if your money is in the bank, there are already plenty of platform-agnostic ways to easily move it from one person to another - like Zelle and Venmo.
I suspect the true impetus behind this is simply "current digital wallets are proprietary; we want an open source version". That is a valid point of view; but the number of people who actually care about it is relatively minuscule.
Re: (Score:2)
Because if your money is in the bank, there are already plenty of platform-agnostic ways to easily move it from one person to another - like Zelle and Venmo.
And, if you're in the UK, your bank.
It's quite neat. All the banks and building societies here are on BACS (well really FPS) system, so you just need a sort code (routing number roughly) and account number and you can send money, almost instantly, for free to anyone in the UK with an account. They even do name verification now to reduce the chances of m
I can already see it... (Score:1)