RE: Trust model. Re: Secure Element API: preliminary draft

> On October 13, 2013 8:29 PM, Anders Rundgren wrote:
>
> On 2013-10-10 14:40, POTONNIEE Olivier wrote:
> > A small update on Secure Element API: We started a draft and it is
> > now available on github.
>
> I have a couple of questions regarding the trust model between web apps
> and the SE.
> In the draft you mention signed hosted applications as one scenario.
> I could not find any specification for such apps in:
>
> w3.org/TR/runtime/#uri-of-a-packaged-file
>
> Did I look into the wrong document?
>
> I don't fully understand how a web app can be given the right to
> directly connect to an SE.  Could you elaborate a bit on this?

The trust model was described in http://www.w3.org/TR/runtime/#trusted-applications: a hosted app's manifest is signed, and a packaged app's package is signed. The signer has to be trusted. However this proposal might not be the final one, as the SysApps WG is still working on the security model of system applications (see mails on "Privileged and certified-level app" in the mailing list).
Also note that the above mechanism controls the access to the API. In addition the SE itself may (and should) implement additional access control mechanisms to make sure the application requests are authorized (e.g. PIN, or GlobalPlatform's secure messaging and access control). But this second level of control is out of the scope of the W3C API.

--
Olivier

> >
> > http://opoto.github.io/secure-element/
> > github project: https://github.com/opoto/secure-element
> >



Received on Monday, 14 October 2013 09:31:48 UTC