What's the difference between this proposal to just using HTTPS client auth with a certificate on a smartcard? That's basically what we've been using for decades now...
rei...@chromium.org schrieb am Mittwoch, 21. September 2022 um 20:41:56 UTC+2: > Not mentioned above but included in the explainer: To mitigate some of the > obvious security concerns this API will only be available to Isolated Web > Apps <https://github.com/WICG/isolated-web-apps>. > Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome > <https://www.google.com/chrome> > > > On Wed, Sep 21, 2022 at 8:00 AM 'Daniel d'Andrada' via blink-dev < > blin...@chromium.org> wrote: > >> Contact emailsdand...@google.com >> >> Explainerhttps://github.com/dandrader/web-smart-card/blob/main/README.md >> >> Summary >> >> Enables smart card (PC/SC) applications to move to the Web platform. It >> gives them access to the PC/SC implementation (and card reader drivers) >> available in the host OS. >> >> >> Blink componentBlink >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> >> >> Motivation >> >> While there are other APIs that provide the right level of abstraction >> and security properties for identity on the Web, such as WebAuthn, there >> are domain-specific functions which can't be captured by such higher-level >> APIs. A remote access (aka "remote desktop") web app letting the remote >> machine access the host's card reader as if it were directly connected to >> it. Enabling PC/SC applications on that remote machine to work without >> modification, unaware that the card reader is not local. A web-based kiosk >> could read even simple RFID badges via PC/SC and then display relevant >> information on a screen. It's also not uncommon for such readers to need >> control commands to put them into the proper state for reading the >> particular type of card the application supports. >> >> >> Initial public proposalhttps://github.com/WICG/proposals/issues/64 >> >> TAG review statusPending >> >> Risks >> >> >> Interoperability and Compatibility >> >> >> >> *Gecko*: No signal >> >> *WebKit*: No signal >> >> *Web developers*: No signals >> >> *Other signals*: PC/SC developers. Generally positive. (see e-mail thread >> <http://lists.infradead.org/pipermail/pcsclite-muscle/2022-August/001282.html> >> ) >> >> WebView application risks >> *Does this intent deprecate or change behavior of existing APIs, such >> that it has potentially high risk for Android WebView-based applications?* >> >> No >> >> >> >> Debuggability >> >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ?No >> >> Flag nameSmartCard >> >> Requires code in //chrome?Yes. Similarly to other device APIs like >> WebHID and WebUSB. >> >> Estimated milestones >> >> No milestones specified >> >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/6411735804674048 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2539271a-7eee-468b-8e28-17f19ad4ed02n%40chromium.org.
