- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 19 Feb 2015 15:35:14 +0100
- To: public-webapps <public-webapps@w3.org>
HTTPS Client Certificate Authentication is supported by all browsers since almost 20 years back.
It exposes a fully standardized interface to Web Applications which simply is an URL.
In spite of that it is entirely proprietary with respect to integration in the browser platform
with implementations based on PKCS #11, CryptoAPI, JCE, .NET, NSS as well as working with a
huge range of secure key-containers like SIM, PIV, TEE, TPM, "Soft Keys". This side of the
coin has not been standardized since it [provably] wasn't needed.
In: https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html
Google's Ryan Sleevy writes:
What you're looking for is
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html
This scheme could (after "Polishing" + W3C Standardization), without doubt support the same
powerful paradigm as HTTPS Client Certificate Authentication (WebPortable/PlatformProprietary),
for virtually any security application you could think of.
Cheers,
Anders
Received on Thursday, 19 February 2015 14:35:45 UTC