W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > October 2012

Re: W3C takes on Web+SecurityElements

From: Richard Barnes <rbarnes@bbn.com>
Date: Mon, 8 Oct 2012 13:04:55 -0400
Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-Id: <2A2C895F-61CA-4ADA-84D4-F7967077FD99@bbn.com>
To: Anders Rundgren <anders.rundgren@telia.com>
In particular, this part of the charter seems relevant, given the possibility of the crypto API providing access to "secure elements" [1]:

"
Secure Elements API
An API enabling the discovery, introspection, and interaction with hardware tokens (Secure Elements) that offer secure services such as tamper-proof storage, cryptographic operations, etc. Example: Gemalto Secure Elements.
"

Virginie, could you comment on how this [2] differs from what we're working on here?  Presumably it would be desirable for the "commands" and callbacks used in the Secure Elements "channels" to have some relation to the methods exposed by the WebCrypto API?  Or are they different enough that Secure Element / hardware stuff should be handled through Secure Elements, and WebCrypto can ignore hardware issues?



[1] Note that in this case "element" != "DOM Element".  
[2] <http://lists.w3.org/Archives/Public/public-sysapps/2012Jun/0058.html>


On Oct 6, 2012, at 5:00 AM, Anders Rundgren wrote:

> On 2012-10-06 10:47, Ryan Sleevi wrote:
>> I believe you meant to send this to the SysApps list, which would be a more appropriate place to provide feedback on the SysApps charter.
> 
> SysApps do not have a "-comments" list.
> 
> Anyway, WebCrypto and Security Elements are (hopefully) not completely unrelated.
> 
> Anders
> 
>> 
>> On Oct 6, 2012 1:29 AM, "Anders Rundgren" <anders.rundgren@telia.com <mailto:anders.rundgren@telia.com>> wrote:
>> 
>>    http://www.w3.org/2012/09/sysapps-wg-charter
>> 
>>    I can't on top of my head come up with anything that could possibly be
>>    more difficult uniting vendors around.  If you for example want to
>>    do something with smart cards you typically have to sign an NDA.
>> 
>>    Trying to squeeze in GlobalPlatform, TPMs, PIV, etc. in an API and calling
>>    that a standard will give a completely new meaning to the word standard :-)
>> 
>>    Due to this, I have come to the conclusion that it is faster, better,
>>    and less politically awkward starting in the opposite end:
>> 
>>        Defining a truly "webbish" Security Element.
>> 
>>    Anders
>> 
> 
> 
Received on Monday, 8 October 2012 17:05:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 8 October 2012 17:05:41 GMT