Re: Proposed work item: WebKMS from Orie Steele on 2019-11-23 (public-credentials@w3.org from November 2019)

From: Orie Steele <orie@transmute.industries>
Date: Sat, 23 Nov 2019 11:22:40 -0600
To: Oliver Terbu <oliver.terbu@consensys.net>
Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAN8C-_+Miw31ZNW5yUFVrX2b+hGfpr5f=ROT3MqH0hviW3QPrQ@mail.gmail.com>

Oliver, thanks for that link very interesting.

On first glance, these appear to be addressing some slightly different use
cases.

CSC appears to be focused on standard OAuth reliant API for remote
digital signatures, whereas webkms appears to be a facade on KMS
interfaces, with a not yet formalized authorization framework (although
ZCaps are mentioned).

I could see WebKMS being used underneath CSC potentially, to support
pluggable KMS integration.

I'm also interested in supporting this work, particularly around support
for https://www.w3.org/TR/WebCryptoAPI/#dfn-Crypto

I worry about the requirement for a standard HTTP API, does this mean that
webkms can ONLY be used to expose a kms with the ability to handle http
requests? I think this would eliminate the integration I mention above,
namely, a common interface for both browser and server cryptographic
interfaces...

ᐧ

On Sat, Nov 23, 2019 at 10:53 AM Oliver Terbu <oliver.terbu@consensys.net>
wrote:

> How would the WebKMS work relate to the Cloud Signature Consortium:
> https://cloudsignatureconsortium.org/ /
> https://cloudsignatureconsortium.org/wp-content/uploads/2019/07/CSC_API_V1_1.0.4.0.pdf ?
> Seems like there is a lot of overlap!
>
> Oliver
>
> On Sat, Nov 23, 2019 at 5:39 PM Manu Sporny <msporny@digitalbazaar.com>
> wrote:
>
>> Cryptographic authentication systems enable machines, individuals, and
>> organizations to more securely interact with one another. These systems
>> often use public-private key cryptography or encryption mechanisms in
>> order to manage cryptographic material as well as operations utilizing
>> that material. This specification provides a common data model and
>> interface for interacting with these systems enabling one to perform
>> secure cryptographic operations such as keypair creation, wrapping and
>> unwrapping, signing, encrypting, and decrypting.
>>
>> https://digitalbazaar.github.io/webkms/
>>
>> At this time, we are seeking another implementer that is willing to
>> collaborate on maturing remote key management on the Web and be a
>> co-sponsor/editor on the specification.
>>
>> The request to add this as a work item to the CCG is here:
>>
>> https://github.com/w3c-ccg/community/issues/99
>>
>> -- manu
>>
>> --
>> Manu Sporny (skype: msporny, twitter: manusporny)
>> Founder/CEO - Digital Bazaar, Inc.
>> blog: Veres One Decentralized Identifier Blockchain Launches
>> https://tinyurl.com/veres-one-launches
>>
>>

-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries

<https://www.transmute.industries>

Received on Saturday, 23 November 2019 17:22:55 UTC