Re: Web Cryptography Working Group scoping progressing... from Harry Halpin on 2011-11-11 (public-identity@w3.org from November 2011)

From: Harry Halpin <hhalpin@w3.org>
Date: Fri, 11 Nov 2011 11:26:15 +0100
To: channy@gmail.com
CC: David Dahl <ddahl@mozilla.com>, Brian Smith <bsmith@mozilla.com>, public-identity@w3.org
Message-ID: <4EBCF847.7090807@w3.org>

On 11/07/2011 11:24 AM, Channy Yun wrote:
> Hi, all.
>
> I know your first job is the primitive APIs for cryptography.
>
> But, many of use-cases in Cryptography API focused in CA service 
> system with personal certificates.
> But, this is hard to consider another working group because of PKI 
> based systems.
> (Most of countries has own national CA system based on plug-in issuing 
> personal certificate such as China, Japan, Spain and Brazil etc.)
>
> How about adding parallel works for _Web Certificates (Service) API_ 
> supporting these one?
> We can add these as a scope including TLS/SSL based login/out with 
> personal certificate and its management api(backup, restore)
> and follow up HSM based certificate.

Is there any sample API that fulfills what you want, ideally one already 
being worked in web browsers?

I'm ok with that being "maybe" in scope but to do not want another API 
and would prefer to keep the scope minimal, i.e. for this WG to stay 
away from certificates per se (minus keeping functionality such as the 
aforementioned log out work that we might otherwise accidently deprecate).

However, not all news is bad - I'm currently pushing for a workshop 
around the issues of Web Certificates in the spring of next year (which 
could lead to another WG focussing on the thorny issues of CAs) and we 
can put that in the "roadmap" for future work.

>
> p.s. of course, it's not only secure authentification, but also needs 
> with connection of two factor method.
>
>
> Channy
> ---------------------
> Tech Evangelist : Web 2.0, Web Standards, Open Source and Firefox
> http://channy.creation.net
>
>
>
>
>
> 2011/11/4 David Dahl <ddahl@mozilla.com <mailto:ddahl@mozilla.com>>
>
>     I think this is something that we can keep on a "roadmap". The
>     scope of the crypto API will necessarily be narrow for the first
>     iteration, adding any kind of UI is something we should plan for
>     in a later iteration.
>
>     Cheers,
>
>     David
>
>     ----- Original Message -----
>     From: "Brian Smith" <bsmith@mozilla.com <mailto:bsmith@mozilla.com>>
>     To: channy@gmail.com <mailto:channy@gmail.com>
>     Cc: public-identity@w3.org <mailto:public-identity@w3.org>
>     Sent: Thursday, November 3, 2011 6:44:31 PM
>     Subject: Re: Web Cryptography Working Group scoping progressing...
>
>     Channy Yun wrote:
>     > 3) Some of functions as like key pare generation and digital
>     signature
>     > generation require browser's user interface. It needs universal
>     > interface guideline for security issues.
>
>     Are smartcard digital signatures on transactions like the ones
>     required in e-commerce / e-banking transactions in Korea, China,
>     and elsewhere (tied to "real" legal identities) going to be
>     considered in scope? From reading the draft scope document, I got
>     the impression that this would be out of scope. I think it is OK
>     for it to be out of scope, as long as there is some other (formal
>     or informal) group working on standardizing this. It is a high
>     priority for us.
>
>     Cheers,
>     Brian
>
>

Received on Friday, 11 November 2011 10:26:16 UTC