RE: [Web Crypto WG] ACTION-40 : clarifying smart card usage in section 4 of the draft API from Ali Asad on 2012-08-28 (public-webcrypto@w3.org from August 2012)

From: Ali Asad <Asad.Ali@gemalto.com>
Date: Wed, 29 Aug 2012 01:05:19 +0200
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
CC: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Message-ID: <821D566D81EF6F4F830409E0BD3B1022C4203E1853@ABSEXCFWP01.gemalto.com>

To the editors,

I suggest that we add the following text to clarify the role of secure elements such as smart cards in section 4.0, Scope. http://www.w3.org/2012/webcrypto/WebCryptoAPI/#scope

Append to the second paragraph as follows...

>>
Chief among the implementation-specific APIs that this specification avoids is key provisioning for use with smart cards and other forms of secure-element based key storage. In addition to the inconsistency between existing cryptographic APIs, smart card provisioning is often encumbered with vendor-specific details that make it unsuitable for a generic interface. However, the API will not preclude the use of  pre-provisioned keys that already reside in secure elements such as smart cards. The use of such keys will be at the discretion of the application. An application can request to discover keys from a certain location, such as smart card, secure storage or DB. The application may also request notification when such a key is selected, and verification that the key indeed comes from the specified location.
>>

Best regards,
--- asad


From: GALINDO Virginie
Sent: Monday, August 27, 2012 3:37 PM
To: Ali Asad
Cc: public-webcrypto@w3.org
Subject: [Web Crypto WG] ACTION-40 : clarifying smart card usage in section 4 of the draft API

Asad,
As discussed today, an action has been assigned to you to write some proposal to the editors to take into account the secure element in the scope section.
Related action is action-40.
Regards,
Virginie
gemalto

Received on Tuesday, 28 August 2012 23:05:44 UTC