[webauthn] Operating System Vendor Public Key Infrastructure and Web Authentication

AdamSobieski has just created a new issue for https://github.com/w3c/webauthn:

== Operating System Vendor Public Key Infrastructure and Web Authentication ==
Discussed are operating system vendor provided public key infrastructure and X509 certificates as components of user authentication and digital signing scenarios through a web browser.

During the installation of operating systems, users may initialize digital wallets and app store experiences.  As users enter their credit card or debit card information, this is an opportunity for operating system vendors to authenticate users, their real names provided and, along with bank accounts, authenticated.  After authenticating users' real names, operating system vendors can provide them with X509 certificates with their real names.

Obtaining the X509 certificate may be free or cost one penny.  Depending upon the region, a transaction may be required to authenticate users' real names and bank accounts.  If banking APIs support authenticating users' names and billing addresses without transactions, then the X509 certificates under discussion could be free.

The scenarios considered include using such X509 certificates to:

1. authenticate users and users' real names when creating or updating social media accounts.
2. digitally sign web-based email messages (e.g. Hotmail, Gmail, etc.)

# Questions

1. Are the above scenarios supported by the WebAuthn and WebCrypto (or other relevant) APIs?
2. Can a website specify a list of certificate authorities (e.g. operating system vendor PKI) to filter certificates for user selection?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/521 using your GitHub account

Received on Friday, 4 August 2017 22:23:05 UTC