Re: About Web Crypto WG rechartering, next steps and related topics

Colin,
The web crypto next was a workshop name. The web crypto WG is still alive,  working with the same charter, same scope, it was created for,  which has been extended several time.
Regards,
Virginie


---- Colin Gallagher a écrit ----

What is presently the status of the Web Crypto Next charter(ing)?

(ref.:  https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/report.html )

On Wed, Feb 18, 2015 at 4:41 AM, GALINDO Virginie <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>> wrote:
Dear all,

(web security chair hat on)

a lots of interesting and very diverse conversation going on here. I just would like to remind the segmentation of topics and ownership in W3C in ordre to help people to send their use cases, contributions and thoughts to the appropriate location :

- Web Crypto next charter
The charter will include anything related to cryptographic operation. At the moment, the WG targets the maintenance of the specification to include new algorithms (aka new curve familly). The group is currently discussing the gemalto proposal for certificate management, integrating the usage of hardware token for cryptographic operation, with no consensus on that matter. if you are willing to support one of those topic, please speak on the public-webcrypto mailing list [1].

- FIDO Alliance and authentication service
The topic of authentication is currenlty owned and discussed by FIDO Alliance. the level of service expected there is about enrollement and authentication opertaions. That technology is backed by a strong strategy by Microsoft and Google. I suggest we let FIDO Alliance decide when they are ready to input to W3C their contribution in terms which are compliant with W3C IP policy.

- Web Payment services
That topic is discussed in the Web Payment Interest group, whihc is currently gathering use cases. There are no technical requirements, no technical proposal endorsed in the IG as of today. It may happen that the Web Payment IG ends with that kind of consensual requirements. I can only encourage people interested in payment to join the IG or at least monitor their deliverables [2].

- Any service accessing secure element
That topic will not be adressed in the Web Crypto next charter, it has been rejected by main browser makers attending that WG. The way to go on the discussion could be either to create a W3C community group, it is very light and easy to manage and join. But there is another possibility : from what I see, GlobalPlatform is willing to host the discussion in ordre to allow all players to design a flexible technical solution, allowing browser to integrate in a flexible way any services using hardware token. GP will soon open a public working group, with an IP policy compliant with W3C one, to discuss that.

Again, that mail is not to prevent you to share here your ideas and comments, but gives you guideline to make sure your are heard in the appropriate group(s).

Regards,
Virginie
chair of the Web Security IG


[1] https://lists.w3.org/Archives/Public/public-webcrypto/
[2] http://www.w3.org/Payments/IG/
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.