Re: A Somewhat Critical View of SOP (Same Origin Policy)

Siva, 

I see your point. But it is an obvious one in the current discussion. Brad was 
just very helpful for me to understand where we are, where we see conflicts 
and where we can have synergies. 

What remains a challenge for the EMV/CAC credentials is the scoping with 
respect to the Web architecture. I have some solutions on my mind and I 
already talked to Virginie, but I have to work them out before being able to 
present them. In the meantime, I must admit that this task is not the only one 
I have, so we stretched the time to work it out a bit. 

And of course we have to look into the results of the WebCryptoNext Workshop. 

 --Rigo

On Wednesday 23 September 2015 6:47:46 Siva Narendra wrote:
> Rigo. I think it will be useful to look at the minutes of the last W3C web
> crypto workshop and the voting results.
> 
> FIDO has its place but it is not the only framework for the web. Web
> standards ought to consider more inclusive framework and not just be a FIDO
> shop. That was in summary the outcome of the workshop.
> 
> Consider this - For NIST Level 4 auth, FIDO applet can run on a smartcard
> but so can other applets such as EMV/EMV tokenization or CAC/CAC derived
> credentials - these may or most likely may not be FIDO centric.
> 
> Smartcard standards (the only globally universal hardware secuirty
> standard) doesn't pick a favorite and is generic enough. Web standards
> shouldn't either and can be made generic enough.

Received on Saturday, 26 September 2015 10:11:39 UTC