Re: A working multi-domain WebCrypto - TLS client cert auth from Seetharama Rao Durbha on 2012-08-24 (public-webcrypto-comments@w3.org from August 2012)

From: Seetharama Rao Durbha <S.Durbha@cablelabs.com>
Date: Fri, 24 Aug 2012 13:23:55 -0600
To: Ryan Sleevi <sleevi@google.com>, Anders Rundgren <anders.rundgren@telia.com>
CC: Mountie Lee <mountie.lee@gmail.com>, David Dahl <ddahl@mozilla.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <CC5D3043.5731%s.durbha@cablelabs.com>

On 8/24/12 12:14 PM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote:

In a multi-origin model as proposed, the key itself, not a specific
signature, are being granted to the application.

Ryan
At least that was not what I was thinking. Access to key need not mean access to the raw key itself. It could just mean that the other domain can perform certain operations using the key.
We may further restrict access based on operations (I mentioned that earlier), but that adds another dimension of complexity.

Received on Friday, 24 August 2012 19:24:24 UTC