HTTPS Client Certificate Authentication is supported by all browsers since almost 20 years back. It exposes a fully standardized interface to Web Applications which simply is an URL. In spite of that it is entirely proprietary with respect to integration in the browser platform with implementations based on PKCS #11, CryptoAPI, JCE, .NET, NSS as well as working with a huge range of secure key-containers like SIM, PIV, TEE, TPM, "Soft Keys". This side of the coin has not been standardized since it [provably] wasn't needed.
In: https://lists.w3.org/Archives/Public/public-webcrypto-comments/2015Jan/0000.html Google's Ryan Sleevy writes: What you're looking for is http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html This scheme could (after "Polishing" + W3C Standardization), without doubt support the same powerful paradigm as HTTPS Client Certificate Authentication (WebPortable/PlatformProprietary), for virtually any security application you could think of. Cheers, Anders