W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Re: Use case: Authenticate using eID

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 25 Apr 2013 11:51:39 -0700
Message-ID: <CACvaWvY8L3u++wtAXjB1W6G7rOW4=hxbf2Muw6T=eKL72-JyTw@mail.gmail.com>
To: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>
Cc: "arun@mozilla.com" <arun@mozilla.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Wed, Apr 24, 2013 at 9:44 AM, Nick Van den Bleeken
<Nick.Van.den.Bleeken@inventivegroup.com> wrote:
> Get access to government applications that require authentication based on your real identity using your eID card (e.g.: to fill in taxes, retrieve birth certificate, ...). Including the option to sign out.
>
> Requirements:
> * Identify an appropriate key (issued by the government) -> query facility
> * Export the certificate, including its certificate chain (the website has to validate that the public key was issued by the government)
> * Use the private key to perform basic cryptographic operations
>
> Kind regards,
>
> Nick Van den Bleeken
> R&D Manager
>
> Phone: +32 3 425 41 02
> Office fax: +32 3 821 01 71
> nick.van.den.bleeken@inventivegroup.com
> www.inventivedesigners.com
>
> ________________________________
>
> Inventive Designers' Email Disclaimer:
> http://www.inventivedesigners.com/email-disclaimer
>

As a clarification/qualification of your use case, as discussed as the
F2F but ideally to be recorded on the list

Your use case requires this functionality be available to any
arbitrary web application, correct? That is, there's no specific list
of origins that should have access (as new services may be started
up), nor is there any other element that limits this access (eg: only
allowing access to keys/certificates issued by CA Foo if the server's
certificate was ALSO issued by CA Foo)
Received on Thursday, 25 April 2013 18:52:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC