- From: Siva Narendra <siva@tyfone.com>
- Date: Wed, 11 Mar 2015 14:32:29 -0700
- To: Harry Halpin <hhalpin@w3.org>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Charles Engelke <w3c@engelke.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>
- Message-ID: <CAJhTYQy58ohSTA9PrTCGT+QRmWZtqJN9SXd_TcPd4rFTr-dYZA@mail.gmail.com>
Thank you Harry. -Siva *--* *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore | Taipeiwww.tyfone.com <http://www.tyfone.com>* *Voice: +1.661.412.2233* On Wed, Mar 11, 2015 at 2:27 PM, Harry Halpin <hhalpin@w3.org> wrote: > > > On 03/11/2015 09:59 PM, Siva Narendra wrote: > > +adding Pub-Web-Security for continuity from the Workshop > > > > Thank you Harry. Few questions: > > > > 1. Does this mean "FIDO will not be implemented under this WG?" > > 2. Is the statement "All the web browser implementers do not want to > > support hardware tokens or anything that is outside of cryptography in > > within the scope of WG?" or "One browser vendors does not want to > support > > anything other than FIDO?" > > I think the answer should be: > > 1) FIDO will not be implemented under the Web Crypto Working Group, but > may be pursued in another WG. > > 2) Hardware token support, both in a manner consistent with a revised > Gemalto proposal that takes on board feedback like respect for > same-origin policy, should be pursued in another Working Group, but not > in the WebCrypto WG. > > Does that help? > > The real question now is what the shape and charter(s) of the new > Working Groups will be, along with associated time-frames. > > There have been formal Member submissions neither from the smartcard > vendors or FIDO, but lots of informal discussion. However, the workshop > did reach consensus that hardware token support should be part of the > Open Web Platform, and the W3C would like to follow this up with one or > more new Working Groups if the work does not match existing Working Groups. > > > As the discussion in Web Crypto WG shows, it does not match at the time > being as the implementors want to focus on algorithm maintenance and > finishing version 1.0. > > If opinions have drastically changed since the workshop, we would like > to revisit that consensus via a survey of W3C members but we are hoping > there is still consensus and momentum. > > cheers, > harry > > > > > > > > This is important for the eco-system to know so we can determine if this > > work should be pursued inside W3C or outside. > > > > Thank you, > > Siva > > > > > > > > > > *--* > > > > > > *Siva G. Narendra Ph.D. CEO - Tyfone, Inc.Portland | Bangalore | > > Taipeiwww.tyfone.com <http://www.tyfone.com>* > > *Voice: +1.661.412.2233* > > > > > > On Wed, Mar 11, 2015 at 11:16 AM, Harry Halpin <hhalpin@w3.org> wrote: > > > >> > >> > >> On 03/11/2015 07:08 PM, Charles Engelke wrote: > >>> I'm new to this WG and W3C in general, so I may be missing points on > >>> how this works. But until today that draft did include adding new use > >>> cases. Today that was revised to say "the Web Crypto WG will not > >>> adress any new use case others then the ones developed with the first > >>> version of the Web Crypto API." > >>> > >>> Did I miss the process that made this change? > >> > >> There was strong objections from members of the Working Group, in > >> particular implementers that are on public record. > >> > >> Thus, while the W3C is still committed do finding an appropriate home > >> for these use-cases and associated standards, it will not be this > >> Working Group. > >> > >> If you have a particular use-case and proposed technical solution that > >> you think would be acceptable to implementers, e-mail the Web Security > >> Interest Group at public-web-security@w3.org. > >> > >> cheers, > >> harry > >> > >>> > >>> Thanks, > >>> > >>> Charlie > >>> > >>> On Wed, Mar 11, 2015 at 1:13 PM, GALINDO Virginie > >>> <Virginie.Galindo@gemalto.com> wrote: > >>>> Dear all, > >>>> > >>>> You will find here > >>>> https://www.w3.org/Security/wiki/IG/webcryptonext_draft_charter the > >> basis of > >>>> the next Web Crypto WG charter. > >>>> > >>>> Based on the feedback on this mailing list, despite the long > >> discussions we > >>>> had related to new features such as crypto service in secure element, > >>>> certificate management, authentication management, this charter only > >>>> adresses the maintenance of the Web Crypto API, and the creation of > >>>> extension for specific algorithms. > >>>> > >>>> What I am expecting from working group participants now is the > >> algorithms > >>>> they would like to see as extension of the Web Crypto API. This will > >> help us > >>>> to get a list of the extension we plan to adress in the framework of > >> that > >>>> specific working group. > >>>> > >>>> Please note that there are some discussions in AC forum about > >> restricting > >>>> activities of any WG that does not work under a valid charter. Our > >> charter > >>>> will expire on the 31st of March, as such, we should try to get > >> consensus on > >>>> the new charter as soon as possible (or we will have to ask an > >> extension to > >>>> W3C director). > >>>> > >>>> > >>>> > >>>> Regards, > >>>> Virginie Galindo > >>>> gemalto > >>>> chair of the web crypto WG > >>>> > >>>> > >>>> ________________________________ > >>>> This message and any attachments are intended solely for the > addressees > >> and > >>>> may contain confidential information. Any unauthorized use or > >> disclosure, > >>>> either whole or partial, is prohibited. > >>>> E-mails are susceptible to alteration. Our company shall not be liable > >> for > >>>> the message if altered, changed or falsified. If you are not the > >> intended > >>>> recipient of this message, please delete it and notify the sender. > >>>> Although all reasonable efforts have been made to keep this > transmission > >>>> free from viruses, the sender will not be liable for damages caused > by a > >>>> transmitted virus. > >>> > >> > >> > > >
Received on Wednesday, 11 March 2015 21:33:15 UTC