- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Sat, 13 Jul 2013 07:25:48 +0200
- To: sysapps <public-sysapps@w3.org>
Hi, Although I have stated that a W3C standardization effort in the SE space is "doomed" I surely didn't mean that no work should be done :-) The following document which has been filed as a defensive publication describes an SE trust and security model which is characterized by: - depending on signed JS-code creating a virtual security domain inside of the browser - eliminating the need for the user to grant download of code; it is just transient JS - eliminating the need for the platform to hold trust-anchors of the code-signer - relying on an enhanced SE and associated infrastructure http://webpki.org/papers/PKI/pki-webcrypto.pdf This way of dealing with trust in code accessing an SE is pretty different to what I guess for example the Tizen guys are using in their SE API. OTOH, since the presented scheme only covers single SE use-case, doesn't it make it rather half-baked? It all depends on what you consider useful web-oriented SE operations which is the topic that unfortunately has been postponed. Anders
Received on Saturday, 13 July 2013 05:26:25 UTC