W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2014

Re: WebCrypto.Next conference conclusions

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Thu, 18 Sep 2014 21:46:10 -0400
Message-ID: <541B8AE2.7060705@digitalbazaar.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments CG <public-webpayments@w3.org>
On 09/12/2014 11:55 AM, Anders Rundgren wrote:
> The conclusion was to include support for security hardware for more 
> traditional smart card applications that are already widely
> deployed.

Did the FIDO stuff factor into the discussion anywhere?

> My personal belief is that this does not mean retrofitting the web
> for the existing very diverse set of cards out there because this
> would lead to "Driver Hell".  There were also moderate interest in
> supporting smart cards at the APDU-level although that (on paper)
> would give support for every card.
> 
> As a Google representative  said: I don't think many web-developers 
> would be able to write a login solution based on APDUs.  So right!!!

+1

> So what does that lead us?  IMO, the only workable solution is
> creating a "WebToken" along the lines of FIDO but using a different
> access control/ mediation mechanism to get away from the SOP
> constraint which does not match current use of smart cards.

Who is "us"? What would the "WebToken" be used for? What would we use
instead of the same-origin policy? Could you expand on this bit a little
more? I'm not following what you're saying.

> If this actually succeeds it would be no less than a revolution!

Since I don't follow, I don't understand why it would be a revolution.
Specifically what part would be a revolution?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Friday, 19 September 2014 01:46:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:39 UTC