To my mind, an interesting twist of a mobile selector is that the resource being accessed need not be accessed on the mobile, i.e. a mobile selector can be used to facilitate PC based access.
When surfing from a PC, rather than rely on any selector on the PC, use the one you have on your phone (and thereby indirectly achieve card portability across different PCs). This is the same model that NTT explored with our SASSO - a SAML IDP on a phone.
One challenge for this model is solving the 'how do I wake up the identity agent?' issue. In the 'normal' sequence, the selector is invoked by the browser (or some other application) when it comes across some indication from an RP that identity is being sought.
Not so easy to do when the application is on the PC, and the selector on a phone.
You either have the PC communicate the invocation to the phone (through Bluetooth, QR codes, etc), depend on the selector to determine if it needs to wake up at any instance (by polling, etc), or have the user manually launch the selector.
Post a Comment