Hi,

Client-side TLS is the web client performing the authentication of the TLS session with a client certificate and private key stored on a smartcard available through a PKCS#11 middleware. This functionality is exclusively limited to the authentication of the session, and the web application has no interaction at all with the smartcard, except for getting the client certificate to identify the user.
Here, the web application and service provider would be able to discuss directly with an application on a smartcard. There are _many_ applications, so there can be many usages:
- card present web payment,
- updating subscription in a transit card,
- authentication with an eID card,

Best regards,

On Wednesday, September 21, 2022 at 11:13:38 PM UTC+2 agowa338 wrote:

> What's the difference between this proposal to just using HTTPS client
> auth with a certificate on a smartcard? That's basically what we've been
> using for decades now...
>
> rei...@chromium.org wrote on Wednesday, September 21, 2022 at 20:41:56
> UTC+2:
>
>> Not mentioned above but included in the explainer: To mitigate some of
>> the obvious security concerns this API will only be available to Isolated
>> Web Apps <https://github.com/WICG/isolated-web-apps>.
>> Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome
>> <https://www.google.com/chrome>
>>
>>
>> On Wed, Sep 21, 2022 at 8:00 AM 'Daniel d'Andrada' via blink-dev <
>> blin...@chromium.org> wrote:
>>
>>> Contact emails
>>> dand...@google.com
>>>
>>> Explainer
>>> https://github.com/dandrader/web-smart-card/blob/main/README.md
>>>
>>> Summary
>>>
>>> Enables smart card (PC/SC) applications to move to the Web platform. It
>>> gives them access to the PC/SC implementation (and card reader drivers)
>>> available in the host OS.
>>>
>>>
>>> Blink component
>>> Blink
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink>
>>>
>>> Motivation
>>>
>>> While there are other APIs that provide the right level of abstraction
>>> and security properties for identity on the Web, such as WebAuthn, there
>>> are domain-specific functions which can't be captured by such higher-level
>>> APIs. A remote access (aka "remote desktop") web app letting the remote
>>> machine access the host's card reader as if it were directly connected to
>>> it.
>>> Enabling PC/SC applications on that remote machine to work without
>>> modification, unaware that the card reader is not local. A web-based kiosk
>>> could read even simple RFID badges via PC/SC and then display relevant
>>> information on a screen. It's also not uncommon for such readers to need
>>> control commands to put them into the proper state for reading the
>>> particular type of card the application supports.
>>>
>>>
>>> Initial public proposal
>>> https://github.com/WICG/proposals/issues/64
>>>
>>> TAG review status
>>> Pending
>>>
>>> Risks
>>>
>>>
>>> Interoperability and Compatibility
>>>
>>>
>>>
>>> *Gecko*: No signal
>>>
>>> *WebKit*: No signal
>>>
>>> *Web developers*: No signals
>>>
>>> *Other signals*: PC/SC developers. Generally positive. (see e-mail
>>> thread
>>> <http://lists.infradead.org/pipermail/pcsclite-muscle/2022-August/001282.html>
>>> )
>>>
>>> WebView application risks
>>> *Does this intent deprecate or change behavior of existing APIs, such
>>> that it has potentially high risk for Android WebView-based applications?*
>>>
>>> No
>>>
>>>
>>>
>>> Debuggability
>>>
>>>
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>> ?
>>> No
>>>
>>> Flag name
>>> SmartCard
>>>
>>> Requires code in //chrome?
>>> Yes. Similarly to other device APIs like
>>> WebHID and WebUSB.
>>>
>>> Estimated milestones
>>>
>>> No milestones specified
>>>
>>>
>>> Link to entry on the Chrome Platform Status
>>> https://chromestatus.com/feature/6411735804674048
>>>
>>> This intent message was generated by Chrome Platform Status
>>> <https://chromestatus.com/>.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+...@chromium.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com
>>> .