W3C home > Mailing lists > Public > public-web-security@w3.org > October 2014

Re: [Web Crypto Next] Lets start discussing !

From: helpcrypto helpcrypto <helpcrypto@gmail.com>
Date: Tue, 28 Oct 2014 09:09:07 +0100
Message-ID: <CAHMQSgv2uuhY5YbczLztTz3fhpJDxo1PdC-k1MXS4NVwCzJ4RQ@mail.gmail.com>
To: public-web-security@w3.org
Hi


Don't know if I'm late, but as nvdbleek proposed [1], we are truly
interested in a web-document signing approach.

Actually we suffer Java applets, and dream about a Javascript alternative
(like Webcrypto) but with the possibility of looking for an specific key
(even at specific card).

So, something like findCertificate(token,filter) where filter can be
subject, issuer or a combination of them would be great.

Regarding to population, we have several smartcards from different
manufacturers which -sadly- use different PKCS#11, so
generateKey(token,keyinfo) could also be interesting.

Finally, we do batch signing, where one PIN let the user sign a batch of
documents (currently hashes), so this feature is also very interesting.


With these constraints in mind, we propose -more or less- the following API:

 - optional getToken to retrieve a token handle to work with. This could be
also issues to secure communications between server and client, using SM
and/or component certificates like some eID.
 - getCertificate(filter) which can allow us to filter and show a "filtered
dialog". some exaples: fingerprint, issuer, subject, keyUsage...using a
json-like filter which allows combination seems to be much better.

Signatures are made in 3 steps:
 - init: needed initialization
 - add: invoked for each document we want to sign. the document is sent to
the component/browser and stored internally
 - final: a final "you are going to sign this" dialog is shown. It will be
possible to even show a preview of the documents (pdf,xml+xslt,...) using
other plugins. asks for pin

Of course, all this must be Js asynchronous

We usually do XAdES or PAdES signing. probably a signed js library or
something lika that could be great to extend usage.


This is what actually our applet does, and its the use case we would live
to have on Webcrypto.

Don't hesitate to contact me if you want to discuss this in deep.
Regards


[1]
http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/Using_the_W3C_WebCrypto_API_for_Document_Signing.html
Received on Tuesday, 28 October 2014 08:11:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:33 UTC