W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2013

Re: Use case: Authenticate using eID

From: Arun Ranganathan <arun@mozilla.com>
Date: Tue, 7 May 2013 15:08:09 -0400
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-Id: <97DCCFE2-329F-4501-94AB-D0FA0CC4A2B4@mozilla.com>
To: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>
Nick,


On Apr 24, 2013, at 12:44 PM, Nick Van den Bleeken wrote:

> Get access to government applications that require authentication based on your real identity using your eID card (e.g.: to fill in taxes, retrieve birth certificate, ...). Including the option to sign out.
> 
> Requirements:
> * Identify an appropriate key (issued by the government) -> query facility
> * Export the certificate, including its certificate chain (the website has to validate that the public key was issued by the government)
> * Use the private key to perform basic cryptographic operations


Looks like Ryan's already asked the questions I had.  IF the answer is that arbitrary origins that cannot enter into a "code agreement" (caller/callee) drive this use case, then I'm not sure we're working on technology that can cater to this use case.  I do think that a subset of this use case can be achieved with a cross-origin model, which is why I think it may be one of our more compelling use cases (and I'm optimistic we'll have a "flagship" cross-origin use case that illustrates what can be done outside origin-restricted use of this API).

In general, I'll create a  "documented for posterity" section in the use cases document, provided we make it clear that we're not pursuing a solution to those use cases within our API.

-- A*
Received on Tuesday, 7 May 2013 19:08:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:17 UTC