W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2014

WebCrypto.Next conference conclusions

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Fri, 12 Sep 2014 08:55:04 -0700
Message-ID: <54131758.6080908@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>
Hi Guys,
The conclusion was to include support for security hardware for more
traditional smart card applications that are already widely deployed.

My personal belief is that this does not mean retrofitting the web for
the existing very diverse set of cards out there because this would lead
to "Driver Hell".  There were also moderate interest in supporting
smart cards at the APDU-level although that (on paper) would give
support for every card.

As a Google representative  said: I don't think many web-developers
would be able to write a login solution based on APDUs.  So right!!!

So what does that lead us?  IMO, the only workable solution is creating
a "WebToken" along the lines of FIDO but using a different access control/
mediation mechanism to get away from the SOP constraint which does
not match current use of smart cards.

If this actually succeeds it would be no less than a revolution!

Anders
Received on Friday, 12 September 2014 15:55:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:39 UTC