Re: Google Wallet and the "Korean bank" use-case

On 2011-11-29 16:11, Richard L. Barnes wrote:
> Hi Anders,
> You've mentioned Google Wallet several times.  Could you explain
> why you think it's important for the development of a web crypto API?

Harry took up the "Korean bank" use-case.  Unless the solution
meet financial industry standards or expectations, I would
(as I have motioned several times...) put this path to rest because
none of the browser vendors have any reason implementing it since they
already have [pretty under-performing] enrollment solutions.

> In particular, what do you mean by "the strength of Google Wallet"?
> Do you mean that the web crypto API must be able to provide crypto
> strong enough to support applications Google Wallet?  (That is,
> equivalent to what Google Wallet uses today.)

This is a discussion point but what I mean is that the *architecture*
must be able to support GlobalPlatform-like enrollment.  The bottom line
is that for example in Korea and Sweden have been forced writing their
own stuff which was the origin both for mine and Channy Yun's work.

That this is a difficult topic is demonstrated by the fact the US
Government's PIV card doesn't cover the enrollment which has lead
to skyrocketing costs and very limited adoption outside of their
jurisdiction.  NIST blew it big-time.  Hopefully NSTIC will take a
new fresh look at this.

BTW, GlobalPlatform is not a "Crypto API"; it is system, and IMO that
is what is called for.


> --Richard
> On Nov 29, 2011, at 1:11 AM, Anders Rundgren wrote:
>> Since I was mentioned by Harry as a possible contributor I would like to summarize
>> my input:
>> A new on-line system system must at least have the strength of the Google Wallet
>> which presumably is built around GlobalPLatform.
>> That the Google Wallet currently is secret is IMO a major obstacle for a fruitful
>> discussion.
>> Maybe a "Googler" could comment on this?
>> Anders Rundgren

Received on Tuesday, 29 November 2011 20:41:42 UTC