W3C home > Mailing lists > Public > public-identity@w3.org > December 2011

Web Crypto API Scope (primary/secondary/out of scope) - gemalto comments

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Sun, 11 Dec 2011 18:20:38 +0100
To: "hhalpin@w3.org" <hhalpin@w3.org>, "public-identity@w3.org" <public-identity@w3.org>
Message-ID: <CCF457F96AE2AC4E85DA8E35C3CD8F0F05D650744A22@CROEXCFWP04.gemalto.com>
Dear all,

you will find here my comments on the current version of the Web Crypto API Scope. 

- On the primary features I feel quite comfortable with the existing list. 

- Nevertheless I can not imagine that the charter is classifying as a secondary feature the  multiple key container configuration. Mobile do have multiple secure storage today (UICC, plus SD, plus sometimes Trusted Execution Environment or MTM, plus  local mobile memory), PC do have multiple storage today (TPM, plus  smart card, plus local PC memory). In June 2013 this will be a common configuration. How will the browser monitor the location of the credentials ? If this WG is only envisaging the storage of credentials in a local memory of the device, then I dont see where the security improvement is. 
--> As a consequence, I would recommend to migrate the multiple key container configuration as a primary feature. 

- The  out of scope session is fair and will definitely the group to stay in the right boundaries. But frankly speaking I can not agree with the vague wording "sophisticated access control mechanism, advanced smartcard or other device-specific features". This boundary will definitely not help the group to make the  decision of what is, and what is not in the scope. I do have  thousands of advanced smart card feature which will fall in the  scope of this API :-). Depending on where industry you come from, you might interpret differently. 
--> This  section definitely need some wording : which feature do you want to avoid ? (I guess there must be an historical background somewhere in the 500 mails exchanged over the public mailing list, but in 6 months it will not be clear to new  comers). 

Hope this makes sense to you, guys. 

Received on Sunday, 11 December 2011 17:23:37 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:09:07 UTC