So why do you think the smart card industry has never managed to get their stuff "web compatible" ?
Isn't OpenSC the best example that "Yes, you can access a protected website / webapplication / webservice using a smart card and standard based technology" works ? The issue really is, that the topic at hand (PKI) is way to complex for the average Doe to manage. That's always the downside: Security often means complexity and comes with a price tag. And if it is complex, hard to understand and someone offers some cheaper snake-oil, I probably go for that. Rather than exposing the complexity of the matter with a zoo of options you can choose from, we need to focus on a single generic mechanism and a well designed user experience. It's all there (meaning S/MIME and TLS), it just needs to become a little simpler to manage. So rather than re-inventing the n-solution for Web-ID, SSO or One-Time-Passwords, we - as a community - should improve what is already existing. Andreas Am 03.10.2012 11:09, schrieb Anders Rundgren: > http://www.w3.org/2012/09/sysapps-wg-charter > <http://www.linkedin.com/redirect?url=http%3A%2F%2Fwww%2Ew3%2Eorg%2F2012%2F09%2Fsysapps-wg-charter&urlhash=Tqzg&_t=tracking_disc> > > Since the smart card industry have never managed making their stuff "web > compatible" before, I assume they will fail this time as well. > > Anders > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
