Re: [opensc-devel] W3C takes on Web+SecurityElements

On 10/3/2012 2:04 PM, Anders Rundgren wrote: > On 2012-10-03 20:45, Andreas Schwier wrote: >> Hmmm, so why would I want an IDP if I could prove my identity >> (certificate) and authenticity (client signature in SSL) with the >> credentials I have on my card ? The SSO aspect of the IDP... Using a

Re: [opensc-devel] W3C takes on Web+SecurityElements

On 2012-10-03 20:45, Andreas Schwier wrote: > Hmmm, so why would I want an IDP if I could prove my identity > (certificate) and authenticity (client signature in SSL) with the > credentials I have on my card ? > > Is it because SAML is easier to integrate than SSL client authentication > ? Or is i

Re: [opensc-devel] W3C takes on Web+SecurityElements

Hmmm, so why would I want an IDP if I could prove my identity (certificate) and authenticity (client signature in SSL) with the credentials I have on my card ? Is it because SAML is easier to integrate than SSL client authentication ? Or is it because I want my IDP (e.g. Google / Facebook) to know

Re: [opensc-devel] W3C takes on Web+SecurityElements

Hi Anders, of course I know your concept around SKS. My point is, that the security of the key provisioning mechanism must be grounded in the device itself. And because it is a limited device, the mechanisms must be a little more smart card friendly. That's why we designed the solution using stan

Re: [opensc-devel] W3C takes on Web+SecurityElements

On 2012-10-03 14:42, Andreas Schwier (ML) wrote: > Hi Anders, Hi Andreas, > > fine, just another API to access smart cards, token or secure elements - > this time using APDUs from within JavaScript. Why not ? > > I just don't see the application for it. What problem are they going to > solve ?

Re: [opensc-devel] W3C takes on Web+SecurityElements

On 10/3/2012 5:08 AM, Andreas Schwier (ML) wrote: > So why do you think the smart card industry has never managed to get > their stuff "web compatible" ? > > Isn't OpenSC the best example that "Yes, you can access a protected > website / webapplication / webservice using a smart card and standard

Re: [opensc-devel] W3C takes on Web+SecurityElements

Hi Anders, fine, just another API to access smart cards, token or secure elements - this time using APDUs from within JavaScript. Why not ? I just don't see the application for it. What problem are they going to solve ? Would I trust some foreign JavaScript code in my browser to freely access my

Re: [opensc-devel] W3C takes on Web+SecurityElements

Il 03/10/2012 13:23, Anders Rundgren ha scritto: > What do you decipher from the following? > http://lists.w3.org/Archives/Public/public-sysapps/2012Jun/0058.html That Gemalto is interested in being an early player? :) BYtE, Diego. ___ opensc-devel mai

Re: [opensc-devel] W3C takes on Web+SecurityElements

On 2012-10-03 12:08, Andreas Schwier (ML) wrote: > So why do you think the smart card industry has never managed to get > their stuff "web compatible" ? > > Isn't OpenSC the best example that "Yes, you can access a protected > website / webapplication / webservice using a smart card and standard >

Re: [opensc-devel] W3C takes on Web+SecurityElements

So why do you think the smart card industry has never managed to get their stuff "web compatible" ? Isn't OpenSC the best example that "Yes, you can access a protected website / webapplication / webservice using a smart card and standard based technology" works ? The issue really is, that the top

[opensc-devel] W3C takes on Web+SecurityElements

http://www.w3.org/2012/09/sysapps-wg-charter Since the smart card industry have never managed making their stuff "web compatible" before, I assume they will fail this