http://lists.w3.org/Archives/Public/public-webcrypto-comments/2014Dec/0011.html
"That is, there is no secure way to expose these legacy hardware devices to a (hostile) web. Note I say insecurable because having to resort to prompting the user is fundamentally ceding security" Anders
