- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Thu, 09 Feb 2012 22:07:02 +0100
- To: "public-identity@w3.org" <public-identity@w3.org>
http://www.w3.org/2011/11/webcryptography-charter.html "The ability to select credentials and sign statements can be necessary to perform high-value transactions such as those involved in finance, corporate security, and identity-related claims about personal data" "The provisioning and use of keys within Web applications can be used for scenarios like increasing the security of user authentication and determining whether a particular device is authenticated for particular services" If you combine these high-level requirements you essentially get a "webbified" Google wallet (and more). However, the Google wallet is not an API, it is a system and architecture. For financial transactions and key provisioning the DOMCrypt stuff that Mozilla showcased last summer, IMO doesn't even come close to the already shipping Google product so we are apparently (?) talking about something entirely different. "Out of scope: features include special handling directly for non-opaque key identification schemes, access control mechanisms beyond the enforcement of the same-origin policy, and functions in the API that require smartcard or other device-specific behavior" The Google wallet builds on smart card technology. Anders
Received on Thursday, 9 February 2012 21:07:36 UTC