- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 20 Oct 2011 13:12:15 +0200
- To: Harry Halpin <hhalpin@w3.org>
- Cc: Thomas Roessler <tlr@w3.org>, "Francisco Corella" <fcorella@pomcor.com>, "public-identity@w3.org" <public-identity@w3.org>

On 2011-10-19, at 21:08 +0200, Harry Halpin wrote:

> Yes, although not that we still have a Crypto API (likely based around
> DomCrypt work) in the charter. Therefore, the use of cryptographic
> credentials in a Crypto API and their relationship of this Crypto API to
> identity authentication and authorization is definitely within scope for
> the future WG.
>
> However, any proposed solutions that require change the CA system (which
> many agree are needed at the workshop, but that's beyond the W3C) or
> changes to how certificates are currently generated are out-of-scope as
> decided by the workshop in our final session.

I think it's worthwhile to be careful with words here. I'd probably say that replacing the CA system is a non-goal, and reinventing things like DANE (or other DNSSEC applications) is probably another non-goal. Trust frameworks for certificates (think "CA/Browser forum guidelines for EV certificates") are probably out of scope.

I don't recall any particular discussion at the workshop about certificate *formats*. A WG could plausibly build a design for certain identity assumptions based on a JSON-based certificate format; in that case, I'd hope they'd take a close look at the IETF JOSE WG (JSON signing). A WG could also come up with some clever ideas based on self-signed certificates for some purposes; that, too, strikes me as plausibly in reach.

(Note that I'm trying to describe where I think plausible outer bounds might be; I'm not saying that the identity work resulting from these conversations should do any of these things.)

> We will announce any future workshops that more narrowly scope themselves
> to certificates and the CA system on this mailing list.

Received on Thursday, 20 October 2011 11:12:23 UTC