Re: Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83 from Francisco Corella on 2012-03-21 (public-identity@w3.org from March 2012)

From: Francisco Corella <fcorella@pomcor.com>
Date: Wed, 21 Mar 2012 09:12:50 -0700 (PDT)
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-identity@w3.org" <public-identity@w3.org>, Karen Lewison <kplewison@pomcor.com>
Message-ID: <1332346370.779.YahooMailNeo@web125515.mail.ne1.yahoo.com>

Harry,

> > This thread shows that a workshop on user certificates would be
> > useful.  Are you still planning on having one this spring, or have
> > you given up on that? 
> 
> We'll see. It depends on how the Web Crypto WG goes, some amount
> (although not everything talked about on this mailing list)
> certificate handling is in "secondary features" so I see no real
> reason for another workshop at this point unless it seems another WG
> is necessary to do that work.

The Web Crypto WG is about a JavaScript API.  Issuing and using
certificates should not require JavaScript.  TLS client certificates
are not a JavaScript feature.  The <keygen> element, a building block
for certificate issuance, is not a JavaScript feature.  It is possible
today to issue a certificate automatically to at least one browser
(Firefox) without JavaScript, although not securely.

A workshop would help you decide whether a WG is needed; and it would
be useful to get the people interested in certificates in one room,
whether or not a WG follows.

Francisco

Received on Wednesday, 21 March 2012 16:13:27 UTC