- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 18 Feb 2014 06:03:24 +0100
- To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Since browser plugins are to be "outlawed" and W3C rejected all suggestions for making WebCrypto useful in more traditional scenarios, the Swedish banks are now rolling out non-web solutions. The only connection left to the browser is now through specific URL-schemes http://www.bankid.com/Global/wwwbankidcom/RP/BankID%20Relying%20Party%20Guidelines%20v2.2.pdf which are used to invoke a local security application. Having explored this feature extensively in my SKS/KeyGen2 PoC, I can attest that it is platform-dependent, unreliable, gives a poor user-experience and introduces serious security disconnects. Anders
Received on Tuesday, 18 February 2014 05:03:57 UTC