W3C home > Mailing lists > Public > public-web-security@w3.org > June 2011

Re: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

From: David Dahl <ddahl@mozilla.com>
Date: Mon, 6 Jun 2011 09:41:15 -0700 (PDT)
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: public-web-security@w3.org, "Richard L. Barnes" <rbarnes@bbn.com>
Message-ID: <818287458.125816.1307378475026.JavaMail.root@zimbra1.shared.sjc1.mozilla.com>


----- Original Message -----
From: "Anders Rundgren" <anders.rundgren@telia.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
Cc: "David Dahl" <ddahl@mozilla.com>, public-web-security@w3.org
Sent: Monday, June 6, 2011 11:16:03 AM
Subject: Smart Card support. Re: Request for feedback: DOMCrypt API proposal

> Although I'm not a DOMCrypt champion, I think this is where DOMCrypt
shouldn't go.  PKCS #11 and Smart Cards are very complex and unsuitable
for web programming.  The biggest smart card maker Gemalto launched a
web-interface for smart cards a few years back called SCConnect.

Smart card support is on the 'back burner' for sure, however, I have gotten a lot of questions about how there can be a collaboration on smart card and 'crypto key' usage w/ DOMCrypt.

> http://www.smartcardalliance.org/articles/2007/11/13/gemalto-receives-best-software-sesames-award-with-sconnect

> Just to make things even more fun, both myself and Microsoft are
working with new smart card interfaces to the web.  MSFT's is
currently secret but mine is not:

> http://webpki.org/auth-token-4-the-cloud.html

I will keep all of these links for further reading

> I have taken this idea a bit further and thus mandate a specific
"Web Token" architecture.

Sounds good. I'll be watching your project.

Cheers,

David
Received on Monday, 6 June 2011 16:41:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:19 UTC