Re: Proposed work item: WebKMS

On 11/23/19 12:22 PM, Orie Steele wrote:
> I'm also interested in supporting this work, particularly around 
> support for https://www.w3.org/TR/WebCryptoAPI/#dfn-Crypto

Yes, as are we... we haven't detailed the APIs yet, but the idea is to
have a general set of operations that are supported... sign, verify,
wrap, unwrap, etc. (like the CRUD operations that all DID Methods need
to support) defined, and then bindings to local APIs (e.g., Javascript
APIs) and remote APIs (HTTPS APIs with authz, including, but not limited
to, ZCAPs).

> I worry about the requirement for a standard HTTP API, does this
> mean that webkms can ONLY be used to expose a kms with the ability to
>  handle http requests? I think this would eliminate the integration I
>  mention above, namely, a common interface for both browser and
> server cryptographic interfaces...

No, that's not a goal (to limit to HTTP API). We want to make sure that
we can wrap the WebAuthn stuff as well as the AWS/Azure/Google Cloud HSM
stuff.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Sunday, 24 November 2019 01:13:28 UTC