Information Cards via W3C
5 views
Skip to first unread message
Anders Rundgren
Mar 3, 2013, 2:13:47 AM3/3/13
to icf-m...@googlegroups.com
Hi All,
I hope you haven't given up on Information Cards completely.
The #1 problem with Information Cards was always that Microsoft isn't particularly
interested in schemes that doesn't have an obvious tie to the enterprise market and
Active Directory.
Anyway, I still _love_ the idea but have recently gotten seconds thoughts regarding the
implementation as a "fat client". A year ago the W3C initiated an effort to bring
javascript-based crypto support into browsers:
http://www.w3.org/2012/webcrypto
_If_ the Information Card concept was remapped into Web Crypto I believe it could fly again
and also be more flexible like supporting 3D Secure-like payment schemes without requiring
an updated client platform.
Is this technically feasible? Google (who essentially runs the Web Crypto WG), claims it is not
but I believe they may not have investigated the topic enough.
The following paper gives a conceptual view on how I think it could work:
http://webpki.org/papers/PKI/pki-webcrypto.pdf
That this requires a renovated client platform is IMO not a problem because [all]
current client platforms heavily under-perform anyway which is why banks and
other users of PKI _still_ write their own client-PKI-code.
Anders
I hope you haven't given up on Information Cards completely.
The #1 problem with Information Cards was always that Microsoft isn't particularly
interested in schemes that doesn't have an obvious tie to the enterprise market and
Active Directory.
Anyway, I still _love_ the idea but have recently gotten seconds thoughts regarding the
implementation as a "fat client". A year ago the W3C initiated an effort to bring
javascript-based crypto support into browsers:
http://www.w3.org/2012/webcrypto
_If_ the Information Card concept was remapped into Web Crypto I believe it could fly again
and also be more flexible like supporting 3D Secure-like payment schemes without requiring
an updated client platform.
Is this technically feasible? Google (who essentially runs the Web Crypto WG), claims it is not
but I believe they may not have investigated the topic enough.
The following paper gives a conceptual view on how I think it could work:
http://webpki.org/papers/PKI/pki-webcrypto.pdf
That this requires a renovated client platform is IMO not a problem because [all]
current client platforms heavily under-perform anyway which is why banks and
other users of PKI _still_ write their own client-PKI-code.
Anders
Reply all
Reply to author
Forward
0 new messages