W3C home > Mailing lists > Public > public-web-security@w3.org > March 2015

Signing with smart cards on the web: a practical API

From: Martin Paljak <Martin.Paljak@ria.ee>
Date: Mon, 16 Mar 2015 10:07:59 +0000
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, Siva Narendra <siva@tyfone.com>, Harry Halpin <hhalpin@w3.org>
CC: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Charles Engelke <w3c@engelke.com>
Message-ID: <42EA78FDC790EA45A2895E1D109362E81D1883A8@exc1.ria.ee>

It is obvious to me, that in the current framework of WebCryptoAPI there is no room for smart card backed keys in a useful form, in reasonable timeframe.

So instead of trying to fit into the framework where it does not want to fit, I set out to make a separate API to the existing solutions (plugins, extensions, localhost services) that bridge the gap between websites and platform-provided keys. This is an API that "looks lik" WebCrypto, to the extent that it hooks itself to window.hwcrypto (maybe it should be window.platformcrypto to make the point clear?)

The targets should describe themselves:


And the initial "specification" is very simple and straightforward, but does the job and is probably re-usable across EU, at least.

There is a set of requirements for the native code components, that are not yet published properly, but shall be appendix for the specificaiton, something we did while implementing the Chrome extension native components:


Any kind of feedback is highly appreciated.

Received on Monday, 16 March 2015 10:08:27 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 March 2015 10:08:27 UTC