- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 26 Nov 2012 16:34:27 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
If you look at the section "How does it work" in:
http://code.google.com/p/seek-for-android/wiki/AccessControlIntroduction
it seems that the core idea that it is the resource itself that declares which applications that are allowed to access it. The applications are recognized by their digital signature.
That is, this is a possible scheme for pre-provisioned keys which is independent of web origins.
It is possible that it is difficult translating this scheme to web but it might be worth investigating this anyway since the scheme will likely be a part of future devices.
The net result would be a unified API for performing cryptographic operations on keys but with two distinct methods for key discovery.
Anders
Received on Monday, 26 November 2012 15:35:08 UTC