As you probably noted, all proposals related to http://www.w3.org/2012/webcrypto/webcrypto-next-workshop/ were shot down.
Are we waiting on something, and if so is the case, exactly what? Is the idea of building on an already semi-established solution like Chrome Native Messaging unacceptable? Or should this disparate community rather standardize on U2F? Another solution (IMO "workaround") is using local services supplying "Security Services" through Redirects, XHR or WebSockets. Since the (in)famous plugins were simply removed without any thoughts of the implications, it seems that the browser vendors currently "own" this question. Anders
