Re: [hb-secure-services] eIDAS - Problem Solved from Martin Paljak on 2016-12-21 (public-hb-secure-services@w3.org from December 2016)

From: Martin Paljak <martin@martinpaljak.net>
Date: Wed, 21 Dec 2016 08:06:17 +0000
To: Anders Rundgren <anders.rundgren.net@gmail.com>, Rigo Wenning <rigo@w3.org>, public-hb-secure-services@w3.org
Message-ID: <CACsm3DVn=tSkrYAMNKXaddP4Wv6rAQFbwvcsUTWTgKHNmCiTpw@mail.gmail.com>

I think that the best quote from this thread id "There are ETSI standards that
are not implemented. I wonder if they are implementable. And they do
not provide
access to hardware credentials via web technologies."

Are there any POC-s based on the
https://rawgit.com/w3c/websec/gh-pages/hbss.html spec ?

Martin

On Wed, 7 Dec 2016 at 14:15 Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> On 2016-12-07 11:34, Rigo Wenning wrote:
> Thanx Rigo,
>
> I (of course) agree 100% with what you are saying.
>
> In fact there are even more basic issues.  As a very experienced JavaCard
> technologist expresses it:
> https://javacard.vetilles.com/2016/12/06/the-lowest-hanging-card/
>
> "EMV doesn’t work online, mostly because all attempts to introduce card
> readers on normal PC’s have failed, so our smart cards are useless here.
> And because consumers haven’t been used to use their cards’ chips during
> online transactions, they won’t do it on mobile transactions either"
>
> I just got the following comment to a pretty heavily viewed LinkedIn
> publication
> of mine [1]:
>
> https://marcusalmgren.wordpress.com/2016/12/07/the-national-id-card-game-changer/
>
> However, it seems that the eID vendors intend to (at any cost) cling to
> their
> original proposal to the market instead of aligning it to the reality.
>
> Anders
> 1]
> https://www.linkedin.com/pulse/eid-smart-card-showdown-approaching-anders-rundgren
>
>
>
> > Anders,
> >
> > eIDAS is solved. But not for the web. I've been in a Workshop in Brussels
> > about this in spring 2016 and there was no solution. There are ETSI
> standards
> > that are not implemented. I wonder if they are implementable. And they
> do not
> > provide access to hardware credentials via web technologies.
> >
> > I know there are people in Brussels claiming that everything around eIDAS
> > works fine. But I haven't seen it working. Perhaps Martin has more
> information.
> > But so far, no solution is known to me. Which may be me, or the absence
> of a
> > solution.
> >
> >  --Rigo
> >
> > On samedi 3 décembre 2016 05:57:24 CET Anders Rundgren wrote:
> >> According to e-government folks eIDAS already addresses digital
> signatures
> >> etc.
> >>
> >> That is, with respect to e-governments, our work is already concluded.
> >>
> >> If you believe that eIDAS does not solve the e-government
> authentication and
> >> signature issues , you may need to explain that to the EU and vendors as
> >> well.
>
>
> --

typos expected due to mobile device

Received on Wednesday, 21 December 2016 08:07:06 UTC