- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 09 Aug 2012 20:14:37 +0200
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>

On 2012-08-09 19:35, Ryan Sleevi wrote:
> On Tue, Aug 7, 2012 at 2:51 AM, Anders Rundgren
> <anders.rundgren@telia.com> wrote:
>> That is, you must be able to specify PINs including error-count for created keys in order to address banking.
>> PINs may also be use-set but matching a bank--defined policy.
>>
>> Anders
>>
>
> Hi Anders,
>
> As discussed previously, smart-card specific usages, such as pin
> specification, are out of scope. This also fits into the smart card
> provisioning scenario, which is also out of scope for the current
> efforts. However, thank you for your input into the general problems
> that would be faced if they were in scope.
>
> Please note that we're not necessarily trying to map an existing
> application 1:1 onto this API, but moreso to enable a class of
> applications. As such, while I realize that some applications may
> desire pin specific features, not all applications, including banking
> applications, fundamentally require them, thus they can still enable a
> rich experience even with 'only' the currently specced work.

Hi Ryan,

My 10Y+ experience of on-line banking for consumers is that PINs indeed are used by most if not all applications regardless how keys are stored.

I understand that this requirement doesn't fit in the current specification, there's not even platform support in Windows, which is a reason why banks write their own client applications.

A slight problem for *anybody* trying to create a standard with on-line banking in mind is that banks "by tradition" do not participate in open standardization efforts.

Anyway, thank you for taking your time answering this request!

Regards,
Anders

>
> Regards,
> Ryan
>
>

Received on Thursday, 9 August 2012 18:15:13 UTC