As Ryan said, there's no mechanism to use a certificate or smart card for this purpose at the web application layer, but it's feasible to use W3C Web Authentication and a security key device to do this. Explicit confirmation of a transaction is provided in that via an extension not yet implemented by browsers, but it's a proof-of-possession much in the same way as a smart card.
https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API https://www.w3.org/TR/2019/REC-webauthn-1-20190304/ -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
