- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 01 Oct 2013 15:09:48 +0200
- To: erwan.louet@orange.com
- CC: w3c@marcosc.com, Olivier.POTONNIEE@gemalto.com, mcaceres@mozilla.com, public-sysapps@w3.org
On 2013-10-01 14:04, erwan.louet@orange.com wrote: > What Olivier did not mention, is that Blackberry, Tizen and Android are all implementation of the > same specification (SIM Alliance's Open Mobile API). This is as close to a de-facto standard as you > can get in the mobile world. I do not see any factual point against that spec up to now in the discussion. > The API is straightforward, for those of us who have experience in this area, it does the job with no extra > frills. I had hoped to discuss this (as an observer) during the coming TPAC but it seems that nobody has bothered to answer my request. That this SE API is already implemented in Android is not entirely true because it is (AFAICT) not supported by Google. It is also true (I believe) that this SE API cannot be used without a permission from the operator which IMO reduces the value of an open API. In contrast, Google's SE API in Android 4.3 is available for anybody to use. However, this _should_not_ be interpreted as I'm being "opposed" to this API including its standardization in W3C, I merely maintain that it already has several competitors. The alternatives also sport different security models which has major implications for application development. I.e. an "SE API" may be much more than just another API which also makes the whole topic rather difficult to deal with. Given the field's relative immaturity I believe it is only good that there are many "standards" to select from. It should be up to the market to select what it prefers. Cheers Anders > > The Microsoft API you pointed to might evolve over time. > > Erwan > > -----Message d'origine----- > De : Marcos Caceres [mailto:w3c@marcosc.com] > Envoyé : dimanche 29 septembre 2013 20:42 > À : POTONNIEE Olivier > Cc : Anders Rundgren; Marcos Caceres; sysapps > Objet : Re: Secure elements and PC/SC Workgroup Specifications > > > > > On Thursday, September 26, 2013 at 11:17 PM, POTONNIEE Olivier wrote: > >> Hi Marcos, >> >> As Anders mentioned PC/SC is the de facto standard on desktop environments to access secure element, as it is present on Windows, Linux and MacOS. >> On Mobile, there is no such universal standard. Each platform developed its own native API: >> - Android: >> https://code.google.com/p/seek-for-android/ >> - Windows Phone: >> http://msdn.microsoft.com/en-US/library/windowsphone/develop/microsoft.phone.secureelement(v=vs.105).aspx >> - BlackBerry: >> http://developer.blackberry.com/native/documentation/core/com.qnx.doc.nfc/topic/manual/t_nfcdevguide_connect_app_on_SIM_SE.html >> (not exhaustive list) >> >> Of course the W3C secure element API should not be a copy of the PC/SC specifications, which have a wider scope of features than needed by web applications, and is very low level. What we are willing to expose in the SE API is only a subset of PC/SC part 5, through a slightly higher level API. > > Thanks Olivier for the additional links and clarifications. >
Received on Tuesday, 1 October 2013 13:10:23 UTC