It is not possible to get onto DOD sites today without loading certs, so there are lots of hills to climb. I would like to start testing this asap - what do I need to do? ..tom
On Fri, Sep 23, 2022 at 9:09 AM Christian Biesinger <cbiesin...@chromium.org> wrote: > While I don't know if this specific proposal would support it, things like > the various EU countries' citizen cards (using their national IDs for > authenticating to government services) do not use TLS client certs, instead > relying on other software that needs to be installed. > > Christian > > On Wed, Sep 21, 2022 at 5:13 PM agowa338 <agowa...@gmail.com> wrote: > >> What's the difference between this proposal to just using HTTPS client >> auth with a certificate on a smartcard? That's basically what we've been >> using for decades now... >> >> rei...@chromium.org schrieb am Mittwoch, 21. September 2022 um 20:41:56 >> UTC+2: >> >>> Not mentioned above but included in the explainer: To mitigate some of >>> the obvious security concerns this API will only be available to Isolated >>> Web Apps <https://github.com/WICG/isolated-web-apps>. >>> Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome >>> <https://www.google.com/chrome> >>> >>> >>> On Wed, Sep 21, 2022 at 8:00 AM 'Daniel d'Andrada' via blink-dev < >>> blin...@chromium.org> wrote: >>> >>>> Contact emailsdand...@google.com >>>> >>>> Explainer >>>> https://github.com/dandrader/web-smart-card/blob/main/README.md >>>> >>>> Summary >>>> >>>> Enables smart card (PC/SC) applications to move to the Web platform. It >>>> gives them access to the PC/SC implementation (and card reader drivers) >>>> available in the host OS. >>>> >>>> >>>> Blink componentBlink >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> >>>> >>>> Motivation >>>> >>>> While there are other APIs that provide the right level of abstraction >>>> and security properties for identity on the Web, such as WebAuthn, there >>>> are domain-specific functions which can't be captured by such higher-level >>>> APIs. A remote access (aka "remote desktop") web app letting the remote >>>> machine access the host's card reader as if it were directly connected to >>>> it. Enabling PC/SC applications on that remote machine to work without >>>> modification, unaware that the card reader is not local. A web-based kiosk >>>> could read even simple RFID badges via PC/SC and then display relevant >>>> information on a screen. It's also not uncommon for such readers to need >>>> control commands to put them into the proper state for reading the >>>> particular type of card the application supports. >>>> >>>> >>>> Initial public proposalhttps://github.com/WICG/proposals/issues/64 >>>> >>>> TAG review statusPending >>>> >>>> Risks >>>> >>>> >>>> Interoperability and Compatibility >>>> >>>> >>>> >>>> *Gecko*: No signal >>>> >>>> *WebKit*: No signal >>>> >>>> *Web developers*: No signals >>>> >>>> *Other signals*: PC/SC developers. Generally positive. (see e-mail >>>> thread >>>> <http://lists.infradead.org/pipermail/pcsclite-muscle/2022-August/001282.html> >>>> ) >>>> >>>> WebView application risks >>>> *Does this intent deprecate or change behavior of existing APIs, such >>>> that it has potentially high risk for Android WebView-based applications?* >>>> >>>> No >>>> >>>> >>>> >>>> Debuggability >>>> >>>> >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ?No >>>> >>>> Flag nameSmartCard >>>> >>>> Requires code in //chrome?Yes. Similarly to other device APIs like >>>> WebHID and WebUSB. >>>> >>>> Estimated milestones >>>> >>>> No milestones specified >>>> >>>> >>>> Link to entry on the Chrome Platform Status >>>> https://chromestatus.com/feature/6411735804674048 >>>> >>>> This intent message was generated by Chrome Platform Status >>>> <https://chromestatus.com/>. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2539271a-7eee-468b-8e28-17f19ad4ed02n%40chromium.org >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2539271a-7eee-468b-8e28-17f19ad4ed02n%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XFndAAn1vXgLQzhGtf4oZAqidAHULDM177Su7SnGyA7hA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPTJ0XFndAAn1vXgLQzhGtf4oZAqidAHULDM177Su7SnGyA7hA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK2Cwb7sgeGfnbq_enga7tk3384kd22X9K5WG-dz%2BBxPdMdJRw%40mail.gmail.com.
