- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 25 Apr 2013 11:51:39 -0700
- To: Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com>
- Cc: "arun@mozilla.com" <arun@mozilla.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Wed, Apr 24, 2013 at 9:44 AM, Nick Van den Bleeken <Nick.Van.den.Bleeken@inventivegroup.com> wrote: > Get access to government applications that require authentication based on your real identity using your eID card (e.g.: to fill in taxes, retrieve birth certificate, ...). Including the option to sign out. > > Requirements: > * Identify an appropriate key (issued by the government) -> query facility > * Export the certificate, including its certificate chain (the website has to validate that the public key was issued by the government) > * Use the private key to perform basic cryptographic operations > > Kind regards, > > Nick Van den Bleeken > R&D Manager > > Phone: +32 3 425 41 02 > Office fax: +32 3 821 01 71 > nick.van.den.bleeken@inventivegroup.com > www.inventivedesigners.com > > ________________________________ > > Inventive Designers' Email Disclaimer: > http://www.inventivedesigners.com/email-disclaimer > As a clarification/qualification of your use case, as discussed as the F2F but ideally to be recorded on the list Your use case requires this functionality be available to any arbitrary web application, correct? That is, there's no specific list of origins that should have access (as new services may be started up), nor is there any other element that limits this access (eg: only allowing access to keys/certificates issued by CA Foo if the server's certificate was ALSO issued by CA Foo)
Received on Thursday, 25 April 2013 18:52:10 UTC