RE: Technology Nexus Web Cryptography API use-cases

Hi Anders,

Thanks for the comments, Ill try to explain how I was thinking.

Im not aiming to build a complete replica of Nexus Personal, what Im mainly looking for is a common way to access a crypto provider from the browser, and then register e.g. Nexus Personal as a crypto provider to give access to smart cards. This summarizes most of the use-cases that I sent in.

I think that Wan-Teh's signature write-up (http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0007.html) is a subset of mine. Mine is just a more generalized description of the need for smart-card support, but with a more specific technical description.

Further I wanted to put soma extra focus on signatures in the Web Crypto API which currently have very few use-cases on signing (http://www.w3.org/2012/webcrypto/wiki/Use_Cases).

In the cases where PIN is not supported by the a SoftToken I would imagine the crypto provider either just blindly accepting the request signing it or provide the user with a dialog to accept signing operation.

Cheers

Samuel Erdtman  |  Developer
Nexus Group  |  www.nexussafe.com<http://www.nexussafe.com/>
________________________________
From: Anders Rundgren [anders.rundgren@telia.com]
Sent: Monday, July 02, 2012 10:13
To: public-webcrypto-comments@w3.org; Samuel Erdtman
Subject: Re: Technology Nexus Web Cryptography API use-cases

Hi Samuel,
I think most the stuff you write about is out-of-scope for the WebCrypto WG.

I don't think that you actually can build applications that mimic the Nexus "Personal" product based on transient downloaded code running in a browser window.

Wan-Teh's signature write-up is though an exception since it is really a complete application:
http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0037.html

I have earlier developed a more advanced version of a Web Signature proposal:
http://webpki.org/papers/wasp/wasp-tutorial.pdf
http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/wasp/wasp-core.xsd

I'm (nowadays) mainly interested in Certificate Enrollment since the schemes supported by the current platforms are (as I have been banging on peoples' heads about for years) essentially inadequate, in addition to being all-over-the map.  The PIN you are mentioning in your use-case is often not even supported by the underlying crypto system like the NSS "SoftToken".

Best regards
Anders Rundgren
User of Nexus personal, Vendor to BankID, and PKI/Web Technologist.

Received on Wednesday, 4 July 2012 05:45:46 UTC