W3C home > Mailing lists > Public > public-web-security@w3.org > March 2015

Restarting the "Smart Cards for the Web" Discussions

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 20 Mar 2015 07:35:10 +0100
Message-ID: <550BBF9E.4020509@gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
Since these discussions seem to end-up in veritable "flame-wars", without any technical substance whatsoever, I suggest that we try (to the best of our ability...), to take one issue at a time and see where that leads us.  I'm counting on Virginie collecting and monitoring the issues.

May I start with one issue?

"Dealing with different security hardware"

There are many types of Security HW and systems.  Their interfaces are ranging from low-level ISO 7816 APDUs to high-level TEE schemes[1,2] where the input may be a transaction request and the output a transaction response while device I/O is taken over by the TEE.

Question: How is this variation supposed to be dealt with?

Cheers,
Anders

1] http://www.globalplatform.org/specificationsdevice.asp
2] http://ipt.intel.com/Libraries/Documents/Technology_Overview_-_Intel%C2%AE_Identity_Protection_Technology_with_PKI.pdf
Received on Friday, 20 March 2015 06:36:04 UTC

This archive was generated by hypermail 2.3.1 : Friday, 20 March 2015 06:36:04 UTC