HTTPS Client Certificate Authentication is supported by all browsers since 
almost 20 years back.
It exposes a fully standardized interface to Web Applications which simply is 
an URL.
In spite of that it is entirely proprietary with respect to integration in the 
browser platform
with implementations based on PKCS #11, CryptoAPI, JCE, .NET, NSS as well as 
working with a
huge range of secure key-containers like SIM, PIV, TEE, TPM, "Soft Keys".  This 
side of the
coin has not been standardized since it [provably] wasn't needed.

Google's Ryan Sleevy writes:
   What you're looking for is

This scheme could (after "Polishing" + W3C Standardization), without doubt 
support the same
powerful paradigm as HTTPS Client Certificate Authentication 
for virtually any security application you could think of.


Reply via email to