- From: Janusz Majnert <j.majnert@samsung.com>
- Date: Tue, 02 Jul 2013 09:14:14 +0200
- To: public-sysapps@w3.org
Hi, I thought it should work something along the lines: W3C proposes an API -> competing platforms make the API available to UAs by exposing platform libraries -> competing UAs implement the API. In this scenario: * only the platform vendor needs an NDA, but presumably already has one since the Secure Element HW is used * it is the platform vendor that implements the system-level abstraction for the HW (as always) * UAs only need to know the W3C API definition and the system-level abstraction API I agree that having a "universal" API, like sendAPDU(hexData), is not a good idea. The development of this API should as always be driven by foreseeable use cases and allow for interoperability. Regards, Janusz Majnert Samsung R&D Institute Poland Samsung Electronics On 2013-07-02 08:38, Anders Rundgren wrote: > http://www.fidoalliance.org/faqs.html > > The FIDO authentication protocol needs to be part of a standardized, interoperable ecosystem to be successful. Building this ecosystem requires the active commitment of everybody from hardware chipset vendors, to the manufacturers of back-end server systems. Coordination across the divergent interests of these players is a complex affair, and one that current technical standards bodies are not well suited to handle. > > The FIDO Alliance will refine the protocol, and monitor the extensions required to meet market needs and to make the protocol robust and mature. Implementation will not be undertaken by the FIDO Alliance. The mature protocol will be presented to the IETF, W3C or similar body after which it will be open to all industry players to implement. > > ------------------- > > IMO, the very same considerations apply to a Security Element API. > The current W3C input document does not come with a description of what the anticipated applications are which makes standardization of a possible Security Element API a true guesswork (t appears to be an opaque protocol which by definition is "universal" but that's hardly going to make it particularly interoperable). > > The lack of a discussion around these issues is also an indication that something is missing from the plot. It might be "interest", but it may also be "openness". > In fact, just getting the datasheet for most Security Elements including the one embedded in many high-end Android phones requires a signed NDA! > > True standardization is probably at least 5 years down the road and there will be multiple and competing standards as well. > FIDO Alliance will presumably provide one of the candidates although standardization at this stage will essentially be a formality. > > Don't get me wrong; standardization is great but some targets aren't suited for standardization. > > Anders > >
Received on Tuesday, 2 July 2013 07:14:46 UTC