Re: Need for Smart Card support

----- Original Message -----
> From: "Ali Asad" <Asad.Ali@gemalto.com>
> To: "James L. Davenport" <jdavenpo@mitre.org>, public-webcrypto@w3.org
> Sent: Monday, June 4, 2012 9:32:25 AM
> Subject: RE: Need for Smart Card support
> 
> I think it will be good to have an option for interacting with secure
> element (smart card being one example) in the API. Browsers that
> choose to support it can implement it while others can skip it. But
> the fact that it is there in the API will allow creation of secure
> applications (as indicated by the use cases below) for those
> interested in them.
> 

I would like to see what the interfaces for this look like.

A. How does the browser (in a cross-browser and platform way) know about the secure element? In other words, how is the secure element registered with the browser?

B. Does the secure element appear to the browser as another software API that can be called, e.g: window.crypto.secureElement.* ?

* or *

C. Does the secure element export keys which the browser imports and uses like any other keys that have a key handle?

I wonder what this looks like in practice. Is this a combination of crypto API + new browser features that 'register' the secure element with the  browser?  It does not appear an API can do all of this alone.

Cheers,

David



 

Received on Friday, 8 June 2012 16:19:29 UTC