Security standards for Mobile Device vs "PCs"

A thing that I feel will affect the outcome of many security standardization initiatives is how they relate to the two major platforms.

If we for example take the smart card issue, it has proven beyond doubt to be unsolvable in the PC while being piece of cake in mobile devices.
What do I mean with unsolvable?  The ability to enroll credentials in smart card via a browser.  It is actually so difficult just getting a "standard" smart card to work for logging in that Apple removed support for all cards but the US PIV card in their latest MacOS!

How come it is piece of cake in a mobile devices?  Because embedded SEs like the NXP chip powering the Google Wallet eliminate readers, third-party middleware and the mapping guesswork.
IMO this is the only way to make smart cards "first class citizens" in consumer computers.

Web Crypto haven't taken a position on these issues in an attempt to keep neutrality.   Personally, I'm more interested in the 80% than in supporting a very difficult < 5% audience.

http://news.cnet.com/8301-1023_3-57481166-93/oauth-2.0-leader-resigns-says-standard-is-bad

Anders

Received on Sunday, 29 July 2012 05:53:54 UTC