Re: [Pcsclite-muscle] Web API For Accessing Secure Element

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [Pcsclite-muscle] Web API For Accessing Secure Element

Ludovic Rousseau
Hello Frank,

I am not a GlobalPlatform expert. The API is/was also proposed at the W3C.
From the W3C mailing list [hidden email] archive [1] I see people names present on the OpenSC mailing list.
Maybe more knowledgeable people can answer you.

Bye

[1] http://lists.w3.org/Archives/Public/public-sysapps/

2016-08-01 22:42 GMT+02:00 Frank Morgner <[hidden email]>:
Hi Ludovic!

Do you have any insights on how the GP's approach relates to the
attempts over the past years on bringing smart card access to the
browser?

Regards,
Frank.


On Monday, August 01 at 11:43AM, Ludovic Rousseau wrote:
> Hello,
>
> A new API is discussed the GlobalPlatform organisation.
> "Web API For Accessing Secure Element"
> http://globalplatform.github.io/WebApis-for-SE/doc/
>
> The idea is to provide an access to secure elements (smart cards and other
> form factors) from a Javascript application in a web browser.
>
> It is a low level API. You can exchange APDU to secure elements (smart
> cards).
> I don't think the API is provided by any web browser yet.
>
>
> When the API is ready (and deployed) I could write a new sample code in
> Javascript and add it to my list "PC/SC sample in different languages"
> http://ludovicrousseau.blogspot.fr/2010/04/pcsc-sample-in-different-languages.html
>
> Bye
>
> --
>  Dr. Ludovic Rousseau

> _______________________________________________
> Pcsclite-muscle mailing list
> [hidden email]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

_______________________________________________
Pcsclite-muscle mailing list
[hidden email]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle



--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Pcsclite-muscle] Web API For Accessing Secure Element

Anders Rundgren-2
On 2016-08-02 10:29, Ludovic Rousseau wrote:
> Hello Frank,
>
> I am not a GlobalPlatform expert. The API is/was also proposed at the W3C.
> From the W3C mailing list [hidden email] <mailto:[hidden email]> archive [1] I see people names present on the OpenSC mailing list.
> Maybe more knowledgeable people can answer you.

The fundamental problem with connecting smart cards to the Web is that
transiently downloaded javascript from possibly unknown Web sites is
not comparable to explicitly installed (hopefully) "trusted" applications.

Due to that users will have to deal with security questions they know zilch of:
http://webpki.org/papers/permissions.pdf

I do not see how the GP access control system could be used on the Web and
I do not think the browser vendors know that either.

However, the smart card folks keep dreaming of the Web:
https://www.w3.org/community/hb-secure-services/

Personally, I continue claiming that there is another way
https://github.com/w3c/websec/issues/91#issuecomment-235160950
which is flexible and doesn't require 5 years of standardization.

Anders



>
> Bye
>
> [1] http://lists.w3.org/Archives/Public/public-sysapps/
>
> 2016-08-01 22:42 GMT+02:00 Frank Morgner <[hidden email] <mailto:[hidden email]>>:
>
>     Hi Ludovic!
>
>     Do you have any insights on how the GP's approach relates to the
>     attempts over the past years on bringing smart card access to the
>     browser?
>
>     Regards,
>     Frank.
>
>
>     On Monday, August 01 at 11:43AM, Ludovic Rousseau wrote:
>     > Hello,
>     >
>     > A new API is discussed the GlobalPlatform organisation.
>     > "Web API For Accessing Secure Element"
>     > http://globalplatform.github.io/WebApis-for-SE/doc/
>     >
>     > The idea is to provide an access to secure elements (smart cards and other
>     > form factors) from a Javascript application in a web browser.
>     >
>     > It is a low level API. You can exchange APDU to secure elements (smart
>     > cards).
>     > I don't think the API is provided by any web browser yet.
>     >
>     >
>     > When the API is ready (and deployed) I could write a new sample code in
>     > Javascript and add it to my list "PC/SC sample in different languages"
>     > http://ludovicrousseau.blogspot.fr/2010/04/pcsc-sample-in-different-languages.html
>     >
>     > Bye
>     >
>     > --
>     >  Dr. Ludovic Rousseau
>
>     > _______________________________________________
>     > Pcsclite-muscle mailing list
>     > [hidden email] <mailto:[hidden email]>
>     > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
>
>     --
>     Frank Morgner
>
>     Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
>     OpenPACE                        http://openpace.sourceforge.net
>     IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
>
>     _______________________________________________
>     Pcsclite-muscle mailing list
>     [hidden email] <mailto:[hidden email]>
>     http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
>
>
>
>
> --
>  Dr. Ludovic Rousseau
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel