On Tuesday 15 September 2015 13:14:49 Tony Arcieri wrote:
> Speaking as someone who attended WebCrypto Next Steps, the common theme to
> me was actually a fundamental incompatibility between PKCS#11 APIs and how
> web browsers operate. Many talks alluded to some sort of "bridge" or
> "gateway" or "missing puzzle piece" to connect the Web to PKCS#11 hardware
> tokens. Unfortunately there were no concrete proposals from either a
> technical or UX perspective. It was mostly a dream from all of the vendors,
> realized in slightly different vague handwavy visions, of how someone could
> swoop in and magically solve this problem for everyone. Clearly dreams
> without actual technical proposals didn't go anywhere.
I wasn't there. What is the fundamental incompatibility? Has someone written
that down? Pointer? And why PKCS#11? There are other proposals to deal with
hardware security. Are they incompatible too?
We should also note that the SOP argument is not an answer to the underlying
identity management question. And having some account with some of the big
estates on the web is no valid answer here. I think part of the issue is that
we try to connect offline identity management with online identity management.
There, SOP is just no argument. What is the relation between SOP and my
identity? Unless, like Tantek always suggests, I use my own site to define my
identity and use origin and identity as the same thing. I think it will be a
much reduced world if identity is reduced to origins.
And again, that we can't take unscoped tokens and assume they are trustworthy
in any context is so obvious that this shouldn't be the point the
argumentation is focusing on.
--Rigo