W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: The "korean bank" use-case

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Sun, 27 Nov 2011 21:14:53 +0100
Message-ID: <4ED29A3D.5090601@telia.com>
To: channy@gmail.com
CC: "public-identity@w3.org" <public-identity@w3.org>
On 2011-11-27 19:15, Channy Yun wrote:
> 2011/11/28 Anders Rundgren <anders.rundgren@telia.com>
>> On 2011-11-27 16:54, Channy Yun wrote:
>>> Dear all,
>>> Avoiding confusing ... please refer to
>>> http://www.w3.org/community/webcryptoapi/2011/09/15/why-web-crypto-api/
>>> Korean's use-cases and web cryptography.
>> I don't think the DomCrypt use-case fits banks for several reasons like:
>> - The concept of PIN and associated policy is completely missing
>> - Signatures with WYSIWYS seems to be missing as well.
>> If you are really interested in this, I think we should go somewhere
>> else.  US banks are *not* into PKI and signatures.
> Thanks for your comment :)
> But, I think DOMCrypt or (my WebCrypto API) is basically suitable for
> Korean bank use cases for treatment of personal certificate in default use
> of Korean internet banking. PIN and other policy (and OTP) are just 2
> factor authentification and is not related to PKI functions.

EMV-cards have local PINs.  It is not the customer who decides if the
payment credentials should be PIN-protected or not, it is the issuer.

If on-line issuance can't do maintain such a facility there's a
big risk it won't reach very far.  BTW, GlobalPlatform (although
IMHO rather useless in other respects) can actually do that today.
GP is probably the foundation for the Google Wallet.


> I think signatures with WYISIWUS can be made by JS API not browser default
> UI as like old crypto.signText.
> Except US banks, many of European banks and government procuement sites are
> into *PKI and signatures* including Korean sites.
> Channy
Received on Sunday, 27 November 2011 20:15:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC