RE: Proposed API extension for Fido U2F devices from GALINDO Virginie on 2014-02-11 (public-webcrypto-comments@w3.org from February 2014)

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Tue, 11 Feb 2014 17:13:00 +0100
To: Anders Rundgren <anders.rundgren.net@gmail.com>
CC: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <239D7A53E5B17B4BB20795A7977613A401E2DE19FB5F@CROEXCFWP04.gemalto.com>

Thanks for your comment, but I believe you are mixing
- raw access to smart card using APDU (which is not what we are talking about in web crypto)
- NFC communication (which is not what we are talking about in web crypto)
- specific services provided by hardware token (which is what we may talk about one day in web crypto)
- SIM card (which is just one possible specific form factor of a hardware token)

Virginie


-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
Sent: mardi 11 février 2014 16:06
To: GALINDO Virginie
Cc: public-webcrypto-comments@w3.org
Subject: RE: Proposed API extension for Fido U2F devices

http://lists.w3.org/Archives/Public/public-webcrypto-comments/2014Feb/0009.html

"The U2F use case is one specific use case which is bringing new features to the web crypto API. I do not see why the existence of the U2F would preclude the discussion related to the integration of hardware token (or any secure element) in the web crypto, for which we have imagined to have a workshop this year. Note that It is still on my side to propose a strawman proposal for the workshop"

Since SIM-cards are locked by operators there's little point with an SE interface to WebCrypto, it will most certainly go the same way the WAP/WSIM interface once did; in the toilet.
As Ryan mentioned in http://lists.w3.org/Archives/Public/public-webcrypto-comments/2014Feb/0008.html ISO 7816 is probably not the right technical foundation either.

If the operators (=the actual customers) and Gemalto still believe this is interesting it seems more logical running a combined standardization/open source effort together with them.

Related: http://letstalkpayments.com/google-says-goodbye-carrier-based-nfc-systems

Anders

This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

Received on Tuesday, 11 February 2014 16:13:25 UTC