- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 13 May 2013 21:36:00 +0200
- To: Arun Ranganathan <arun@mozilla.com>
- CC: Ryan Sleevi <sleevi@google.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On 2013-05-13 19:32, Arun Ranganathan wrote: > > On May 13, 2013, at 1:00 PM, Ryan Sleevi wrote: > >> That question has already been answered. > > > The issue of cross-origin use of cryptographic interfaces is discussed here: > > http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0036.html eIDs are currently not provisioned through Web Crypto and it is unlikely that they will be that in the future for a number of reasons like that such eIDs would be unusable by "apps" and that Web Crypto doesn't support secure messaging which is a prerequisite for secure provisioning. I don't see any major difference wrt to privacy, UI etc. between data provisioned through "web methods"/SOP and data that has been provisioned through other means but tagged with an origin (=legitimate owner). eID is just a fancy name for private keys and certificates of the kind that most platforms (UAs) already support since ages back. There are *huge* advantages linking these two disparate worlds together! Anders > > And Aymeric has suggested: > > http://lists.w3.org/Archives/Public/public-webcrypto/2013May/0067.html > > My opinion is that this API is constrained by this type of use. Use cases that fall out of this type of use honestly fall beyond the scope of the Web Crypto API. > > -- A* >
Received on Monday, 13 May 2013 19:36:34 UTC