RE: [+SPAM+]: Re: [hb-secure-services] eIDAS - Problem Solved

Martin,
There were some demos made by some CG members

-          Ciphering/deciphering content on a server, using a key stored in a smart card, accessible via a web app

-          Signing a transaction with a SIM card, from a web app

-          Guys, please complete if I missed something
But no code was shared by the implementers.
Regards,
Virginie


From: Martin Paljak [mailto:martin@martinpaljak.net]
Sent: mercredi 21 décembre 2016 09:06
To: Anders Rundgren <anders.rundgren.net@gmail.com>; Rigo Wenning <rigo@w3.org>; public-hb-secure-services@w3.org
Subject: [+SPAM+]: Re: [hb-secure-services] eIDAS - Problem Solved

I think that the best quote from this thread id "There are ETSI standards that are not implemented. I wonder if they are implementable. And they do not provide access to hardware credentials via web technologies."

Are there any POC-s based on the https://rawgit.com/w3c/websec/gh-pages/hbss.html spec ?

Martin

On Wed, 7 Dec 2016 at 14:15 Anders Rundgren <anders.rundgren.net@gmail.com<mailto:anders.rundgren.net@gmail.com>> wrote:
On 2016-12-07 11:34, Rigo Wenning wrote:
Thanx Rigo,

I (of course) agree 100% with what you are saying.

In fact there are even more basic issues.  As a very experienced JavaCard
technologist expresses it:
https://javacard.vetilles.com/2016/12/06/the-lowest-hanging-card/


"EMV doesn’t work online, mostly because all attempts to introduce card
readers on normal PC’s have failed, so our smart cards are useless here.
And because consumers haven’t been used to use their cards’ chips during
online transactions, they won’t do it on mobile transactions either"

I just got the following comment to a pretty heavily viewed LinkedIn publication
of mine [1]:
https://marcusalmgren.wordpress.com/2016/12/07/the-national-id-card-game-changer/


However, it seems that the eID vendors intend to (at any cost) cling to their
original proposal to the market instead of aligning it to the reality.

Anders
1] https://www.linkedin.com/pulse/eid-smart-card-showdown-approaching-anders-rundgren




> Anders,
>
> eIDAS is solved. But not for the web. I've been in a Workshop in Brussels
> about this in spring 2016 and there was no solution. There are ETSI standards
> that are not implemented. I wonder if they are implementable. And they do not
> provide access to hardware credentials via web technologies.
>
> I know there are people in Brussels claiming that everything around eIDAS
> works fine. But I haven't seen it working. Perhaps Martin has more information.
> But so far, no solution is known to me. Which may be me, or the absence of a
> solution.
>
>  --Rigo
>
> On samedi 3 décembre 2016 05:57:24 CET Anders Rundgren wrote:
>> According to e-government folks eIDAS already addresses digital signatures
>> etc.
>>
>> That is, with respect to e-governments, our work is already concluded.
>>
>> If you believe that eIDAS does not solve the e-government authentication and
>> signature issues , you may need to explain that to the EU and vendors as
>> well.

--

typos expected due to mobile device

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.