A partial archive of discourse.wicg.io as of Saturday February 24, 2024.
[Proposal] Smart Card API
dandrader
2022-08-11
The objective of this API is to enable smart card (PC/SC) applications to move to the Web platform. It gives them access to the PC/SC implementation (and card reader drivers) available in the host OS.
Smart cards are popular in the enterprise and governmental sectors. A governmental website could identify a citizen by communicating with a government-issued smart ID card inserted in a card reader without the need of external, native, applications. Similarly, an enterprise that issues smart cards to their employees could authenticate them in its corporate website using the employee’s card inserted in a smart card reader needing only the browser itself.
One might argue that there are better, more modern, ways than the low level, legacy, PC/SC, such as WebAuthn. But that won’t change the reality that PC/SC is widely used in some sectors of our society.
I’m not very familiar with cryptocurrency technology.
A common use case for smart cards is to use them to store private keys that cannot be extracted. Ie, you can ask the card to sign something but never access that private key that was used for signing. Assuming a cryptocurrency wallet is just a private key: yes.
Don’t understand the question.
Don’t quite understand the question. A smart card is a physical device, so a browser cannot “store” it.
I had a brief look at SQRL. I imagine one could store the Identify Master Key in a smart card then then just send commands to the card to perform operations with that master key, having the card sending back the results. But that would require a SQRL application on that card to process these commands. Unless both the key and the operations happen to be fairly standard so that a card that implements general cryptographic operations and protocols could do the job.
I don’t understand the question.
PS: I also managed to miss the second factor authentication I used on my original account, hence this new one.
Anonymous2292900
2023-04-19
Hi dandrader2, thanks for response.
I asked about blockchain and cryptocurrency, because it’s one of the areas I’m currently studying. I study a lot about network protocols, blockchain regulation and cryptocurrency. I asked you about this initially because one of my later questions involves the idea of smart cards and blockchain. So, thank you for your response. I talk about it, because it is very important for my research, study.
To me, this smart card and blockchain use case is an interesting idea, or could be an interesting idea. In that regard, thank you for your feedback and taking the time to read and answer my question.
With the previous feedback, this question really doesn’t make sense. I asked if smart cards were temporary because in theory I thought they were a web spec without having a physical device. This was an initial mistake in thinking, as I had a lot of doubts about your proposal and I haven’t read much about that proposal.
So, I apologize for this pointless question.
thank for feedback.
There are password managers that use the SQL protocol or specification. I initially thought of storing my master password key on a physical device, an smart card.
I was talking about a solid project. I thought your proposal could be integrated into “solid-project”, because in theory you would have a physical device with a lot of personal information.
The idea of solid-project is to decentralize certain information. In my opinion, this could be done with smart cards. So, I asked, if your proposal could be applicable to solid-project. Because one of the biggest problems with solid-project is its massive adoption.
I initially thought of adding smart-cards as something extensible to solid-project. Do you think adding smart cards in solid-project makes sense?