W3C home > Mailing lists > Public > public-webid@w3.org > November 2014

Re: Microsoft WebCrypto Payment suggestion

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 12 Nov 2014 13:42:26 +0100
Message-ID: <546355B2.50800@gmail.com>
To: Kingsley Idehen <kidehen@openlinksw.com>, public-webpayments@w3.org, "public-webid@w3.org" <public-webid@w3.org>
On 2014-11-12 13:28, Kingsley Idehen wrote:
> On 11/12/14 7:00 AM, Anders Rundgren wrote:
>> Somewhat unsurprising the platform vendors are beginning to focus on
>> extending WebCrypto as the foundation for payments etc.
>>
>> https://www.w3.org/2012/webcrypto/wiki/images/d/dd/CertAndKey_Management_Requirements_for_WebCrypto_microsoft.pdf
>>
>>
>> Anders
>>
>>
>>
>
> Shouldn't you have pointed some of these parties to
> <https://mobilepki.org/WebCryptoPlusPlus> ?
>
> They have PDFs, you have a live demo :)

Thanx but actually, I don't think technical merits have much importance :-(

Anyway, Microsoft's solution can be built on top of Windows, mine cannot since
the Windows keystore mechanism doesn't offer what *I* consider core security:
http://webpki.org/papers/key-access.pdf

Microsoft's solution also doesn't comply with the *implicit* requirements
put forward by the US government's "Derived Credential" program:
http://defensesystems.com/articles/2014/11/10/comment-can-derived-credentials-replace-cacs.aspx

>
> BTW -- did you fix the IE issue I reported?

IE 11, should work, earlier versions haven't been tested and only Chrome
and Firefox beta really gives you the full picture (through JS console).

Also note that steps 4-5-6 are performed through emulation - Not the real thing.

Anders

>
Received on Wednesday, 12 November 2014 12:42:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:50 UTC