Thanx Pekka. Such cards are indeed used in conjunction with Web-signing. Unfortunately using a proprietary web-signers like "SmartTrust Personal" or "Setec CSP".
/anders ----- Original Message ----- From: "pekka honkanen Welho" <[EMAIL PROTECTED]> To: "'Anders Rundgren'" <[EMAIL PROTECTED]>; "'internet-payments'" <[EMAIL PROTECTED]> Sent: Friday, October 31, 2003 09:55 Subject: VS: On-line signature standards http://www.fineid.fi/default.asp?todo=setlang&lang=uk this is a link to an interesting multimedia presentation on the Finnish government - banks - telcos joint project on using the government produced certificate on bank and telco issued cards. Pekka Honkanen -----Alkuperäinen viesti----- Lähettäjä: Anders Rundgren [mailto:[EMAIL PROTECTED] Lähetetty: 30. lokakuuta 2003 23:46 Vastaanottaja: internet-payments Aihe: On-line signature standards Here is some information related to Internet payment gathered from a poll made to the IETF-PKIX, IETF-SMIME, and the OASIS PKI-TC lists regarding the current state of on-line signature standards ===================================================== There are apparently no standards and nothing in the works either with respect to signing on-line data on the web using Internet browsers. ===================================================== Since web-signing is today [*] used by many, many, more people and organizations than there are users of signed e-email, I remain puzzled. Is the PKI community really just a bunch of "nerds", mostly out of touch with the needs of the market? And what good is a legal framework like the EU signature directive, intended to address "legal interoperability" if there is no interoperability in the technical solutions? "The truth is [still] out there" to travesty a famous TV series. However, my request spurred quite a lot of interest, so I believe that web- signing really is a thing that finally will be standardized. The question is more by who, as the major interest is really coming from the public sector, not from commercial entities like banks, that rather protect their investments in proprietary solutions. I personally plan to pusue such a task in W3C or in OASIS in case somebody is interested. *] Like Scandinavian banks having > 0.5M of users. All current systems rely on entirely proprietary mechanisms. Most of the vendors even require NDAs for getting the documentation. Anders Rundgren
