RE: Secure Element API: Access Control

> From: erwan.louet@orange.com [mailto:erwan.louet@orange.com]
> Sent: Thursday, April 10, 2014 1:44 AM
> To: POTONNIEE Olivier; public-sysapps@w3.org
> Subject: RE: Secure Element API: Access Control
>
> Olivier,
>
> I have some feedback on the draft:
>
> - restricting access control to only author signature seems not aligned
> with GlobalPlatform, which states that all signatures shall be
> checked. In the context of W3C this means that distributor signatures
> (if any) must also be checked.

[Olivier] In the case of Web Applications, there is no signature for now. So we define the one we need. I initially thought the author would be the most appropriate, but distributor could be an alternative. Or we could have both, but only one would be used for access control, so I don't think it would be useful.
I raised a GitHub issue to track this: https://github.com/opoto/secure-element/issues/7

> - this extends to the certificate chain check (bottom to top), again as
> specified in GlobalPlatform the enforcer must try all certificates in
> the chain.
>
> This is how things are implemented in Tizen currently. I don't believe
> this adds much work to the UA developers.

[Olivier] You are right, we need to detail how we process certificate chains.
I raised a GitHub issue to track this: https://github.com/opoto/secure-element/issues/8

Thanks
--
Olivier


Received on Friday, 11 April 2014 04:13:53 UTC
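
Added example, not part of the original messages or of the draft specification: a sketch of the bottom-to-top chain check discussed in this thread, compared with a check that only looks at the signing certificate. The rule table keyed by (applet AID, SHA-1 hash of the certificate), the first-match-decides behaviour, the function names and all sample values are assumptions made for illustration, and the chain is assumed to have been validated cryptographically beforehand.

```python
import hashlib

def cert_id(der: bytes) -> str:
    # Assumption: a rule identifies a certificate by the SHA-1 hash of its DER encoding.
    return hashlib.sha1(der).hexdigest()

def decide(chain, aid, rules, leaf_only=False):
    """Return (allowed, depth_of_matching_certificate).

    chain is ordered bottom to top: signing certificate first, root last.
    With leaf_only=True only the signing certificate is tried; otherwise
    every certificate in the chain is tried in order and the first one that
    has a rule for this AID decides. No matching rule means access is denied.
    """
    candidates = chain[:1] if leaf_only else chain
    for depth, der in enumerate(candidates):
        rule = rules.get((aid, cert_id(der)))
        if rule is not None:
            return rule, depth
    return False, None

# Constructed sample data: placeholder byte strings stand in for DER certificates.
LEAF = b"constructed-signer-certificate"
INTERMEDIATE = b"constructed-intermediate-ca-certificate"
ROOT = b"constructed-root-ca-certificate"
CHAIN = [LEAF, INTERMEDIATE, ROOT]

AID = "F0010203040506"        # constructed applet AID
OTHER_AID = "F00A0B0C0D0E0F"  # constructed applet AID with no rule

# The secure element only carries a rule for the intermediate CA.
RULES = {(AID, cert_id(INTERMEDIATE)): True}

if __name__ == "__main__":
    print("full chain :", decide(CHAIN, AID, RULES))
    print("leaf only  :", decide(CHAIN, AID, RULES, leaf_only=True))
    print("other AID  :", decide(CHAIN, OTHER_AID, RULES))
```
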