- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 03 Feb 2015 02:16:40 +0100
- To: "public-web-security@w3.org" <public-web-security@w3.org>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
- CC: Siva Narendra <siva@tyfone.com>, Ryan Sleevi <sleevi@google.com>, Harry Halpin <hhalpin@w3.org>, Brad Hill <hillbrad@fb.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, POTONNIEE Olivier <Olivier.Potonniee@gemalto.com>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>
FWIW, I have "buried" my efforts putting security HW in the browser (beyond FIDO) since the [theoretical] problems encountered were simply put insurmountable. By pure accident I found this recent posting by Ryan Sleevy: https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html Inside the posting there's a link to this super-cool technology (Chrome Native Messaging) which was recommended to a person wanting to use PKCS #11 for a web-based signature application: http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html Anyway, Chrome Native Messaging could be maybe improved to even better support various security-applications so I did some "polishing" which can be found here: http://webpki.org/papers/web2native-bridge.pdf I'm pretty sure that Apple Pay in its next iteration will use a variant of native messaging to make the wallet equally useful on the web. Yes, it will have the same look-and-feel and security on the web as in a shop which is a way better idea than building a specific wallet for the web. Anders
Received on Tuesday, 3 February 2015 01:17:15 UTC