- From: <Joerg.Heuer@telekom.de>
- Date: Mon, 10 Nov 2014 19:20:28 +0100
- To: <boyera@w3.org>, <public-webpayments-ig@w3.org>
Hello all, During my first TPAC experience, two weeks ago, I sensed the awareness for the problem of access to the Secure Element. The resulting timidity to add it to standards frameworks in W3C is understood. Nevertheless, this topic is focus of current activities in organizations like the GSMA. In fact, T-Labs will see to supporting these activities with an eye on the W3C discussions. It is very important to have this (although yet rather weak ) 'pull effect' in place to attract these organizations to work on the topic. As for the wallet framework I have presented at TPAC, we could only demonstrate UICC/ SE. However, even our concept work at T-Labs has encompassed the use of TPM or TEE. For the payment/ wallet topic, we are confident it is possible to come up with respective abstractions. Likewise, I'd think that WebCrypto could go for an appropriate abstraction. Both should have the goal to be agnostic of the specific technology. For more generic security use cases, this might become more difficult but could IMO be assessed by the Web Security group before decisions are taken. The Secure Element, as the one most widespread enabler for hardware-based security worldwide, needs to be embraced by the relevant groups to prove W3C is working on topics with a realistic market relevance. The resulting 'pull effect' will be important to ease access to this enabler over time. Cheers. Jörg -----Original Message----- From: Stephane Boyera [mailto:boyera@w3.org] Sent: Donnerstag, 6. November 2014 13:50 To: public-webpayments-ig@w3.org Subject: Fwd: [W3C Web Security IG] about Web Crypto rechartering discussion held during Web Crypto F2F meeting I would like to bring to the attention of the group the discussion currently being held on the public-web-security mailing-list related to the rechartering of web crypto As Virginie presented during the face-to-face, the web crypto group is a possible host of the work on access to secure elements. However, for now as the mail shows below, there is not a huge interest among group members to proceed in that direction. However, the group is open if there are good use-cases and challenges identified. There is a window of opportunity to influence this form now till around end of january or so. So we may want to have a specific focus or a new task force looking specifically on use-cases related to this topic to provide input for the rechartering of web crypto Cheers steph -------- Message original -------- Sujet: [W3C Web Security IG] about Web Crypto rechartering discussion held during Web Crypto F2F meeting Date de renvoi : Thu, 06 Nov 2014 12:12:37 +0000 De (renvoi) : public-web-security@w3.org Date : Thu, 6 Nov 2014 12:12:07 +0000 De : GALINDO Virginie <Virginie.Galindo@gemalto.com> Pour : public-web-security@w3.org <public-web-security@w3.org> Copie ā : Harry Halpin <hhalpin@w3.org>, Wendy Seltzer <wseltzer@w3.org> Dear all, A short take away from the W3C Web Crypto WG F2F meeting held last week [1], focusing on the aspects of re-chartering : -The actual re-chartering of the Web Crypto WG will not happen before the Web Crypto API is going to Recommendation status. At best, this should happen in January 2014. -The current Web Crypto WG participants would prefer to see anything related to accessing services of secure token being developed in a dedicated WG (except cryptographic services, for which it would make sense to do so in the Web Crypto WG) -There are best chances that the principle of working in W3C on accessing secure token is endorsed if there are some concrete proposal submitted to W3C, sketching what would a solution look like. -Note that from the W3C process point of view, a new Working Group can only be created if at least 20 % of W3C do support the charter (support does not mean join, but means that companies feels it is worth W3C to spend some resources on it). Hope this help people involved in that topic to define their next steps, to be successful. Regards, Virginie Co-chair of web security IG [1] http://www.w3.org/2014/10/30-crypto-minutes.html#item04 ------------------------------------------------------------------------ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Monday, 10 November 2014 18:21:43 UTC