Re: Web Cryptography Working Group scoping progressing... from Harry Halpin on 2011-11-04 (public-identity@w3.org from November 2011)

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 4 Nov 2011 13:29:33 -0000 (GMT)
To: "David Dahl" <ddahl@mozilla.com>
Cc: "Brian Smith" <bsmith@mozilla.com>, public-identity@w3.org, channy@gmail.com
Message-ID: <cb2eccb234c7e14ffc5af80ac1dda62a.squirrel@webmail-mit.w3.org>

> To be more clear, the solutions we need to create for banking and
> e-commerce in countries that require a more advanced UX to sign a
> transaction should be a parallel piece of work separate from the core
> Crypto API. This functionality straddles the line between "Identity" and
> core crypto APIs.

I agree with David that this work remain on the API level. However,
creating such best practices UX guidelines could be done in an informative
document done by a Community Group.

This is not to say that UX standardization for mission critical app
interface issues would be bad, but previous experience shows it is
difficult.

See previous work on Web Security Contexts

http://www.w3.org/TR/wsc-ui/

>
> Cheers,
>
> david
>
> ----- Original Message -----
> From: "David Dahl" <ddahl@mozilla.com>
> To: "Brian Smith" <bsmith@mozilla.com>
> Cc: public-identity@w3.org, channy@gmail.com
> Sent: Thursday, November 3, 2011 7:51:40 PM
> Subject: Re: Web Cryptography Working Group scoping progressing...
>
> I think this is something that we can keep on a "roadmap". The scope of
> the crypto API will necessarily be narrow for the first iteration, adding
> any kind of UI is something we should plan for in a later iteration.
>
> Cheers,
>
> David
>
> ----- Original Message -----
> From: "Brian Smith" <bsmith@mozilla.com>
> To: channy@gmail.com
> Cc: public-identity@w3.org
> Sent: Thursday, November 3, 2011 6:44:31 PM
> Subject: Re: Web Cryptography Working Group scoping progressing...
>
> Channy Yun wrote:
>> 3) Some of functions as like key pare generation and digital signature
>> generation require browser's user interface. It needs universal
>> interface guideline for security issues.
>
> Are smartcard digital signatures on transactions like the ones required in
> e-commerce / e-banking transactions in Korea, China, and elsewhere (tied
> to "real" legal identities) going to be considered in scope? From reading
> the draft scope document, I got the impression that this would be out of
> scope. I think it is OK for it to be out of scope, as long as there is
> some other (formal or informal) group working on standardizing this. It is
> a high priority for us.
>
> Cheers,
> Brian
>
>
>
>

Received on Friday, 4 November 2011 13:29:40 UTC