- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Tue, 29 Nov 2011 21:41:06 +0100
- To: "Richard L. Barnes" <rbarnes@bbn.com>
- CC: "public-identity@w3.org" <public-identity@w3.org>
On 2011-11-29 16:11, Richard L. Barnes wrote: > Hi Anders, > > You've mentioned Google Wallet several times. Could you explain > why you think it's important for the development of a web crypto API? Harry took up the "Korean bank" use-case. Unless the solution meet financial industry standards or expectations, I would (as I have motioned several times...) put this path to rest because none of the browser vendors have any reason implementing it since they already have [pretty under-performing] enrollment solutions. > In particular, what do you mean by "the strength of Google Wallet"? > Do you mean that the web crypto API must be able to provide crypto > strong enough to support applications Google Wallet? (That is, > equivalent to what Google Wallet uses today.) This is a discussion point but what I mean is that the *architecture* must be able to support GlobalPlatform-like enrollment. The bottom line is that for example in Korea and Sweden have been forced writing their own stuff which was the origin both for mine and Channy Yun's work. That this is a difficult topic is demonstrated by the fact the US Government's PIV card doesn't cover the enrollment which has lead to skyrocketing costs and very limited adoption outside of their jurisdiction. NIST blew it big-time. Hopefully NSTIC will take a new fresh look at this. BTW, GlobalPlatform is not a "Crypto API"; it is system, and IMO that is what is called for. Anders > > --Richard > > > > On Nov 29, 2011, at 1:11 AM, Anders Rundgren wrote: > >> Since I was mentioned by Harry as a possible contributor I would like to summarize >> my input: >> >> A new on-line system system must at least have the strength of the Google Wallet >> which presumably is built around GlobalPLatform. >> >> That the Google Wallet currently is secret is IMO a major obstacle for a fruitful >> discussion. >> >> Maybe a "Googler" could comment on this? >> >> Anders Rundgren >> >> > > >
Received on Tuesday, 29 November 2011 20:41:42 UTC