Re: please review table of contents for web certificate API Specification from Nick Van den Bleeken on 2013-04-01 (public-webcrypto-comments@w3.org from April 2013)

From: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>
Date: Mon, 1 Apr 2013 18:04:43 +0000
To: Aymeric Vitte <vitteaymeric@gmail.com>
CC: Anders Rundgren <anders.rundgren@telia.com>, Mountie Lee <mountie@paygate.net>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <9345F4EA-77DB-4897-9625-2D03C5FAC383@inventivegroup.com>

>>> >
>>> >Anders,
>>> >
>>> >Yes things are already available if you want to create your own
>>> >certificate stuff, but what's the problem with having an API designing
>>> >this instead of everybody making his own ?
>> If you look closely on my reply to Mountie, I noted that he is also targeting
>> the system/platform/browser keystore.  This is (AFAICT...),_way_  outside of the
>> Web Crypto agenda and that's more significant than if storing certificates in
>> IndexDB is quirky compared to a high-level Web Crypto method doing something similar.
> I will look closely
For us (the company I work for) being able to discover and use certificates installed in the system/platform/browser keystore is a must to solve our use case. Today we are using an applet, which is far from ideal (and getting a bigger problem with the current java security problems) to get access to certificates and their public/private key.

We are currently prototyping a X509 Certificate Selector API which is closely integrated with the Web crypto API. I think that it will be feasible to have the use case(s), X509 Certificate Selector API, some examples, documentation and an early prototype of the API as a native extension for current browsers on Mac and Windows (with access to system keystone, but no UI for certificate/key sharing yet (we will work on prototyping a UI in the next coming weeks)) on our corporate github account.

We hope that these resources could lead to a discussion about the use cases related to accessing smart cards and USB security tokens on the web. Using smart cards to identify people is getting more common in Europe, because governments are providing them as ID-card. Therefore it would be nice if they could be used on the web, without any extension, to identify people, and sign documents.

Kind regards,

Nick Van den Bleeken

________________________________

Inventive Designers' Email Disclaimer:
http://www.inventivedesigners.com/email-disclaimer

Received on Monday, 1 April 2013 18:05:26 UTC