On 2015-03-29 17:31, Siva Narendra wrote:
Dead-end because the data used to arrive are myths and are grossly inaccurate.
> See my presentation from the workshop: > http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/slides/hardwaretokens/tyfone.pdf
Dear Siva, The first part of your presentation which shows HTTPS CCA (Client Certificate Authentication) works fine because it builds on what I call "Trusted Code". Due to that it doesn't even have to honor SOP! The whole HTTPS CCA engine and UI is a part of the trusted platform. Transiently downloaded web-code doesn't meet this criterion. Therefore I have suggested a way to address this problem as well as a bunch of other equally difficult topics. I haven't received a single comment or question on that which either means that the proposal is "unintelligible", completely broken, or something else. Cheers, Anders https://cyberphone.github.io/openkeystore/resources/docs/web2native-bridge.pdf
On Mar 29, 2015 8:26 AM, "Anders Rundgren" <anders.rundgren....@gmail.com <mailto:anders.rundgren....@gmail.com>> wrote: On 2015-03-29 17:11, Rigo Wenning wrote: http://pomcor.com/2015/03/24/__highlights-of-the-nist-__worshop-on-piv-related-__special-publications/ <http://pomcor.com/2015/03/24/highlights-of-the-nist-worshop-on-piv-related-special-publications/> Interesting to see that they use NFC for Personal Identity Verification to connect to smart cards. Meanwhile W3C has hard times finding support for the work on NFC and the connection to smart cards.. Will it be impossible to connect the NIS work to the Web? No it is actually quite doable but the method once thought (even by me...) as "the solution" turned out to be a dead-end. The interest in discussing alternatives routes to the same goal seems to be rather limited. Anders --Rigo
