With the ownership of the key based on SOP that is not cognizant of tampering (as of now), I am afraid that any discussion of signatures will be futile, they cannot be used for non-repudiation, at the end of the day. http://lists.w3.org/Archives/Public/public-webcrypto/2013Apr/0247.html On 5/6/13 10:38 AM, "Lu HongQian Karen" <karen.lu@gemalto.com<mailto:karen.lu@gemalto.com>> wrote: Hi Arun, Here are the two use cases that I have talked about at the recent F2F meeting. Cross-origin use cases: 1. Asymmetric key use case: A healthcare association (origin 1) issued Dr. Smith an X.509 certificate and the corresponding private key. Dr. Smith accesses an e-prescription service (origin 2) and uses her private key to sign e-prescriptions. 2. Secret key use case: Danny signed up at a cloud storage (origin 1) that created him a secret access key and persisted it through Danny’s UA. Danny stores his 3D model data in the cloud storage. He then uses an online 3D printing service (origin 2) to print his model. To access Danny’s model in Origin 1, Origin 2 needs to use Danny’s secret key. Danny tells Origin 2 certain attribute(s) of his key. The Origin 2 finds the key object through the UA and uses the key to sign API requests for getting the model from cloud storage. Although these two use cases are out of the current WG scope. It’ll be good to collect them for future work. Regards, Karen
Received on Tuesday, 7 May 2013 15:15:23 UTC