In my industries, they have a big interest in Microsoft's proposal.
It actually touches on important concepts:

1. Key Ownership
   - the design principle of the current WebCrypto API is "key provisioner (aka the server) has the key ownership"
   - if the key is owned by the server side, the key will be bound to the same origin policy
   - if the key is owned by the user, the key can be used on multiple origins
   - a different principle of key ownership also touches secure elements at the client side.
   I believe the Web should be User Centric
2. Certificate Management
   - the suggested API seems workable for CMP (Certificate Management Protocol)
3. Secure Computing Environment
   - when the PC is compromised, SCE will protect sensitive client side resources.

best regards
mountie

On Mon, Nov 17, 2014 at 4:14 PM, Anders Rundgren <anders.rundgren....@gmail.com> wrote:

> On 2014-11-17 07:25, Martin Paljak wrote:
>
>> Hello,
>>
>> Huge thanks to the creators of this presentation! I feel that parts of it
>> target exactly the same sector (signatures with existing tokens) and
>> direction and mindset and resulting functionality that we are using within
>> Estonia and this makes a perfect collaboration target for us. This is
>> similar to what we currently target with "proprietary" (but open source)
>> plugins, just need to work on harmonizing the API to get comparable real
>> life functionality.
>
> Hi Martin,
>
> Although the details are quite sketchy I have tried to "decipher" the
> documentation. These are my findings:
>
> It *seems* that relying party code has direct API access (which is *not* the
> case with plugins).
>
> That is, it appears that *users* would need to decide (per site) if a
> site's *client code* is to be trusted or not.
> IMO, issuers like banks would probably not accept such an arrangement.
>
> OTOH, I may have gotten it all wrong due to the limited documentation :-)
>
> Cheers,
> Anders
>
>> Things like UI are still unclear from the slides but something that can
>> be worked upon.
>>
>> Best,
>> Martin
>> ________________________________________
>> From: GALINDO Virginie [virginie.gali...@gemalto.com]
>> Sent: Wednesday, November 12, 2014 11:33
>> To: public-web-security@w3.org; public-webcry...@w3.org;
>> jeff.hod...@paypal.com; Anders Rundgren
>> Subject: [WebCrypto.Next] Microsoft's Contribution
>>
>> Dear all,
>> Please note that the contribution made by Israel and Vijay, related to
>> certificate management is now available on the web crypto WG wiki,
>> classified in the F2F meeting page, here
>> https://www.w3.org/2012/webcrypto/wiki/images/d/dd/CertAndKey_Management_Requirements_for_WebCrypto_microsoft.pdf
>> This will be discussed when the group will be re-chartering.
>> Regards,
>> Virginie

--
Mountie Lee
PayGate CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : moun...@paygate.net