Re: New "Goals" (use-cases) - Is your use-case there, accurately described? from Channy Yun on 2011-12-09 (public-identity@w3.org from December 2011)

From: Channy Yun <channy@gmail.com>
Date: Fri, 9 Dec 2011 23:48:06 +0900
To: Harry Halpin <hhalpin@w3.org>
Cc: public-identity@w3.org
Message-ID: <CAG5Kj5E0QvmLcadgRYye1umOWNeZddHmtC7NNDWq7hhRtDND9g@mail.gmail.com>
2011/12/9 Harry Halpin <hhalpin@w3.org>

> On 12/09/2011 02:52 PM, David Dahl wrote:
>
>> Perhaps I need more coffee - but, I don't see any use cases listed at
>> http://www.w3.org/2011/11/**webcryptography-charter.html#**goals<http://www.w3.org/2011/11/webcryptography-charter.html#goals>or
>> http://www.w3.org/2011/11/**webcryptography-charter.html#**
>> id-other-deliverables<http://www.w3.org/2011/11/webcryptography-charter.html#id-other-deliverables>
>>
> Hmmm - W3C CVS is a bit slow sometimes, but see this text in charter:
>

I want to add some real use-cases in Korea (highly encrypted country :).


>
>    The ability to select credentials and sign statements can be necessary
> to perform high-value finanicial transactions as well as secure
> identity-related claims personal data.
>
>
In case of a bill of credit card or telephone or personal medical data from
hospital, the encrypted messages can be secure because anyone cannot see
that. In Korea, many credit card companies and tax agencies send bills to
customers via email attachement. User can see it by their certificate.
http://www.flickr.com/photos/dracophotos/2698053010 - little weired :(

Most of credit card transaction has been based on card number, expire date
and CVC code. Recently VISA3D was developed similar with pin code. But,
permantly, user certificate issued by credit card is more secure than
previous methods. In Korea, major card companies have already used
certificate based card transations.
http://pds12.egloos.com/pds/200901/01/58/c0046958_495b8c0e6c8f7.png

Most of company used SSL based VPN with pre-installed agent program, but
the method of authentification is just pin code or one-time pasword.
Certificate based VPN in web will be good market to many security companies
and useful to users.
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html



>    The provisioning and use of keys within Web applications can be used
> for scenarios like increasing the security of user authentication and to
> determine whether a particular device is authenticated for particular
> services.
>


Some of contents can be paid by users and web developers can determine
users and devices too.

In that process, maintaining SSL servers for all of web contents are very
big burden for IT companies. Web developers can treat only selected
contents with light secured methods.

I want to add some of use-cases too.

1. Handling S-MIME certificate and encryption and decryption in web based
email system. It's very important problem for company based secret deals
between internatioanl companies.

2. Handling XML Encryption via SOAP in web application. Despite of small
cases, there are still SOAP based XML communications in govenments and big
companies. This naturally can be migrated to web applications.



>
>    The signing and verifying Javascript code libraries can be used to
> determine their trustworthiness.
>
>    Encrypting local storage (via sharing the key identifier with the
> server to decrypt when needed) can make valuable information therein more
> secure.
>
>    The encryption of user communication such as near real-time messaging
> via Web applications.
>
>
>  David
>>
>> ----- Original Message -----
>> From: "Harry Halpin"<hhalpin@w3.org>
>> To: public-identity@w3.org
>> Sent: Friday, December 9, 2011 6:54:55 AM
>> Subject: New "Goals" (use-cases) - Is your use-case there, accurately
>> described?
>>
>> I have to admit I'm disappointed that we haven't had more good use-cases
>> come up on the mailing list, and while lots of people have discussed
>> particular features, very few people have discussed use-cases. Note that
>> without use-cases, we will start withdrawing features. Here's the
>> current list [1].
>>
>> I've done my best with the fairly small bits of text I've gotten to
>> craft some use-cases. Please inspect and make sure the wording is right,
>> and suggest to add/remove use-cases and connect the use-cases to actual
>> features.
>>
>> Also note that we will send this charter to AC review now *after*
>> Christmas break. We could have done it earlier had people been a bit
>> more focused on the mailing list :)
>>
>>     cheers,
>>           harry
>>
>> [1] http://www.w3.org/2011/11/**webcryptography-charter.html#**goals<http://www.w3.org/2011/11/webcryptography-charter.html#goals>
>>
>>
>>
>
>


Channy
---------------------
Tech Evangelist : Web 2.0, Web Standards, Open Source and Firefox
http://channy.creation.net
Received on Friday, 9 December 2011 14:48:57 UTC