W3C home > Mailing lists > Public > public-hb-secure-services@w3.org > December 2016

Re: [hb-secure-services] vs Web Authentication

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 21 Dec 2016 15:21:59 +0100
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-hb-secure-services@w3.org" <public-hb-secure-services@w3.org>
Cc: Rigo Wenning <rigo@w3.org>
Message-ID: <c3995289-2bfd-d4f1-a807-6a5f8875d846@gmail.com>
Virginie,

There's on average 20 times more messages on the Web Authentication mailing list.

Either this topic and CG is uninteresting or the members are not committed.

Which one is it?
What's YOUR plan for the next few months?

Since the browser vendors obviously are busy with Web Authentication, you can safely assume that YOUR team will have to implement everything themselves.

Anders

On 2016-12-21 11:09, GALINDO Virginie wrote:
> Martin,
>
> There were some demos made by some CG members
>
> -          Ciphering/deciphering content on a server, using a key stored in a smart card, accessible via a web app
>
> -          Signing a transaction with a SIM card, from a web app
>
> -          Guys, please complete if I missed something
>
> But no code was shared by the implementers.
>
> Regards,
>
> Virginie
>
>
>
>
>
> *From:*Martin Paljak [mailto:martin@martinpaljak.net]
> *Sent:* mercredi 21 décembre 2016 09:06
> *To:* Anders Rundgren <anders.rundgren.net@gmail.com>; Rigo Wenning <rigo@w3.org>; public-hb-secure-services@w3.org
> *Subject:* [+SPAM+]: Re: [hb-secure-services] eIDAS - Problem Solved
>
>
>
> I think that the best quote from this thread id "There are ETSI standards that are not implemented. I wonder if they are implementable. And they do not provide access to hardware credentials via web technologies."
>
> Are there any POC-s based on the https://rawgit.com/w3c/websec/gh-pages/hbss.html spec ?
>
> Martin
>
>
>
> On Wed, 7 Dec 2016 at 14:15 Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     On 2016-12-07 11:34, Rigo Wenning wrote:
>     Thanx Rigo,
>
>     I (of course) agree 100% with what you are saying.
>
>     In fact there are even more basic issues.  As a very experienced JavaCard
>     technologist expresses it:
>     https://javacard.vetilles.com/2016/12/06/the-lowest-hanging-card/

>
>     "EMV doesn’t work online, mostly because all attempts to introduce card
>     readers on normal PC’s have failed, so our smart cards are useless here.
>     And because consumers haven’t been used to use their cards’ chips during
>     online transactions, they won’t do it on mobile transactions either"
>
>     I just got the following comment to a pretty heavily viewed LinkedIn publication
>     of mine [1]:
>     https://marcusalmgren.wordpress.com/2016/12/07/the-national-id-card-game-changer/

>
>     However, it seems that the eID vendors intend to (at any cost) cling to their
>     original proposal to the market instead of aligning it to the reality.
>
>     Anders
>     1] https://www.linkedin.com/pulse/eid-smart-card-showdown-approaching-anders-rundgren

>
>
>
>     > Anders,
>     >
>     > eIDAS is solved. But not for the web. I've been in a Workshop in Brussels
>     > about this in spring 2016 and there was no solution. There are ETSI standards
>     > that are not implemented. I wonder if they are implementable. And they do not
>     > provide access to hardware credentials via web technologies.
>     >
>     > I know there are people in Brussels claiming that everything around eIDAS
>     > works fine. But I haven't seen it working. Perhaps Martin has more information.
>     > But so far, no solution is known to me. Which may be me, or the absence of a
>     > solution.
>     >
>     >  --Rigo
>     >
>     > On samedi 3 décembre 2016 05:57:24 CET Anders Rundgren wrote:
>     >> According to e-government folks eIDAS already addresses digital signatures
>     >> etc.
>     >>
>     >> That is, with respect to e-governments, our work is already concluded.
>     >>
>     >> If you believe that eIDAS does not solve the e-government authentication and
>     >> signature issues , you may need to explain that to the EU and vendors as
>     >> well.
>
> --
>
> typos expected due to mobile device
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Wednesday, 21 December 2016 14:22:45 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 21 December 2016 14:22:45 UTC