- From: Arie Y LEVY COHEN <arielevycohen@gmail.com>
- Date: Fri, 23 Oct 2015 16:27:37 -0400
- To: Erik Anderson <eanders@pobox.com>
- Cc: Web Payments IG <public-webpayments-ig@w3.org>
- Message-Id: <2FDECBCB-72AF-4112-A989-347D3A6F0C83@gmail.com>
+1

--
Heritage & Legacy Advisory | Multi-Generational Wealth Preservation
Arie Y. LEVY-COHEN
FINANCIAL ADVISOR | INTERNATIONAL CLIENT ADVISOR
PRIVATE WEALTH MANAGEMENT | NEW YORK
ECONOMICS | FINANCE | BLOCKCHAIN
P: 917.692.6999

> On Oct 23, 2015, at 3:13 PM, Erik Anderson <eanders@pobox.com> wrote:
>
> Thanks Wendy. I have been anxiously awaiting these. I will review on the plane to TPAC.
>
> One thing jumps out at me in the web-authentication-charter
>
>> Out of scope: federated identity, multi-origin credentials, low-level access to cryptographic operations or key material.
>
> Financial Services uses PKCS#11 and rotatable/changeable key material in their mobile applications so they can instantly rotate any key generation inputs in the event of a suspected compromise. They also use this to combine key material and random material into custom SSL tunnels so they don't have to rely 100% on the trust of the random number generator.
>
> As written the spec doesn't meet many of the bank security team's ever increasing RISK requirements. In financial services
> RISK > R&D
>
> Anything that has the potential, perceived or real, to increase an institutional exposure/risk gets vetoed.
>
> Erik Anderson
> Bloomberg
>
>> On 2015-10-23 12:36, Wendy Seltzer wrote:
>> Hi Web Payments IG,
>>
>> In advance of my visit to the IG Monday at TPAC, here are links to the
>> draft security charters we'll be discussing. I look forward to your
>> input and participation in the Wednesday breakout as well.
>>
>> Best,
>> --Wendy
>>
>> -------- Forwarded Message --------
>> Subject: Draft security charters for discussion at TPAC
>> To: public-web-security@w3.org <public-web-security@w3.org>
>>
>> Hi Web Security,
>>
>> Last year, we announced work in progress on new security work-areas,
>> then proposed as a re-chartering of the Web Cryptography Working Group.[1]
>>
>> WebCrypto is concluding its work and we have identified two distinct
>> areas of potential new work: Web Authentication and Hardware-Based
>> Security. We propose to discuss draft charters for this work in a
>> plenary day breakout at TPAC (Wednesday).[2]
>>
>> Web Authentication (based on an anticipated submission from FIDO 2):
>> https://w3c.github.io/websec/web-authentication-charter
>>
>> Hardware-Based Security:
>> https://w3c.github.io/websec/hwsec-charter
>>
>> We look forward to discussion at TPAC, here, and via github pull requests.
>>
>> Best,
>> --Wendy
>>
>> [1] https://lists.w3.org/Archives/Member/w3c-ac-members/2014JulSep/0049.html
>> [2] https://www.w3.org/wiki/TPAC/2015/SessionIdeas#Web_Authentication_and_Security

Received on Friday, 23 October 2015 20:28:08 UTC