Hardware token are offering secure services in the field of cryptographic operation, citizen identity and payment to native applications. This community group will analyze use cases where browser (and web application developers) could benefit from those secure services. The expected deliverables of this community group are (1) documented use cases, (2) technical requirements for implementing those secure services in user agents, (3) draft APIs, (4) group charter - integrating suggested improvements received during the W3C Hardware Security WG charter proposal review.
Note : by hardware tokens, we mean technologies such as secure chips or secure elements, trusted execution environment, TPM....
Group's public email, repo and wiki activity over time
Note: Community Groups are proposed and run by the community. Although W3C hosts these
conversations, the groups do not necessarily represent the views of the W3C Membership or staff.
The Hardware Based Secure Services has entered into an interesting phase. As the report is finalized (except few editorial issues to solve), the CG members are prototyping. The prototypes are expected to be showed during the W3C TPAC F2F meeting in September in Lisbon. The targeted audience is
CG members attending the meeting on monday (details to be transmitted soon on the mailing list), and
TPAC attendees on wednesday during a breakout session
The objective is to socialize the report and prototypes in order to get opinion from browser makers who objected to the creation of a working group on a similar scope.
Since its kickoff in April 2016 the Community Group had been meeting on a regular basis, face to face, or via conference call. the Community group is now focused on the delivery of its report [1] that will include [2] :
use cases where hardware based token are useful for web application
technical description of two secure features : secure transaction confirmation and secure credential storage
some rationale for architectural choices
In parallel, some Community Group members are developing some proof of concept for demonstrating the feasibility of those secure services, on mobile and PC environments.
The next calls are expected to be on 12th of July and 26th of July at 14:00 UTC, call details will be sent on the mailing list, and irc channel will be #hb-secure-services. Minutes will be published on the mailing list [3], as usual.
In addition, the current report is open for any github issue or pull request from the public [4].
The Hardware-Based Secure Services Community Group met on the 26th and 27th of April at Morrison & Foerster’s offices in London. Readthe chairs’ report and review slides presented by Gemalto, Morpho, and Deutsche Telekom.
At the workshop, we discussed two features in depth: Transaction Confirmation and Secure Credential Storage (key management). Join the CG mailing list to discuss these APIs and next steps.
The Hardware-Based Secure Services CG will hold a working meeting 26-27 April, in London, to develop use cases and draft designs. Please see the workshop page for more information and to register your interest.
Objective of the meeting : The meeting will target 3 objectives : (1) describe use cases for the Hardware-Based Secure Services among the selected fields of identity/crypto/payment, (2) identify first technical requirements (including security and privacy ones), and (3) draft initial API(s) to address those use cases. We welcome demonstrations and and contributions of existing designs or prototypes.
Hardware token are offering secure services in the field of cryptographic operation, citizen identity and payment to native applications. This community group will analyze use cases where browser (and web application developers) could benefit from those secure services. The expected deliverables of this community group are (1) documented use cases, (2) technical requirements for implementing those secure services in user agents, (3) draft APIs, (4) group charter – integrating suggested improvements received during the W3C Hardware Security WG charter proposal review.
Note : by hardware tokens, we mean technologies such as secure chips or secure elements, trusted execution environment, TPM….
This is a community initiative. This group was originally proposed on 2016-04-02 by Virginie GALINDO. The following people supported its creation: Virginie GALINDO, Wendy Seltzer, Jeffrey Sonstein, Olivier Potonniée, Wayne Carr. W3C’s hosting of this group does not imply endorsement of the activities.
