Web Crypto APIs Work In Progress
Written by Kay Ewbank   
Monday, 11 February 2013

The Web Cryptography Working Group of the W3C has produced further documents describing Crypto APIs and when they might be useful.

First we have a revision of the working draft of the Web Cryptography API which was initially published in September 2012.

W3Clogo

This document describes a JavaScript API for performing basic cryptographic operations in web applications, such as hashing, signature generation and verification, and encryption and decryption. It also describes an API for applications to generate and to manage the keying material necessary to perform these operations. According to the W3C, uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications.

The second API to be unveiled is the WebCrypto Key Discovery API. The first working draft of this describes a JavaScript API for discovering pre-provisioned cryptographic keys for use with the Web Cryptography API. Pre-provisioned keys are keys which have been made available to the UA by means other than the generation, derivation, importation functions of the Web Cryptography API. The keys in the API are named and origin-specific, so are available only to a specified origin, and identified by a name assumed to be known to the origin in question and provisioned with the key itself.

We also now have a first draft of Web Cryptography API Use Cases, effectively filling in a missing section of the two previous drafts. The use case scenarios included cover the use of the two APIs, with each describing a potential web application using these APIs. There are scenarios with code snippets for banking transactions; distributing video services to web-enabled TVs and Set Top boxes, encrypted communications via Webmail, storing documents in the cloud, and one that explores threat models in the context of local storage. A scenario for "off the record" real time messaging needs additional details.

All three documents have the status working documents that are under discussion. 

W3Clogo

First Draft Of Web Cryptography API

W3C Draft For Device-Independent Input

W3C Publishes Push API Draft Specification

 

blog comments powered by Disqus

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Nao Plays Music Like A Human
02/11/2014

You may have seen lots of cute videos of Nao playing a musical instrument, but these have mostly been closed loop - that is, if you took the instrument away Nao would carry on playing it. In this vide [ ... ]



EF7 Drops XML Modeling Favors Code First
27/10/2014

Microsoft is dropping some ways of modeling data in the next version of Entity Framework (EF) to make the database tool more lightweight.


More News

Last Updated ( Monday, 11 February 2013 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.