[Pcsclite-muscle] Proposal for a Web API for smart cards

Daniel d'Andrada dandrader at google.com
Wed Aug 17 09:35:06 PDT 2022 

Hi Ludovic,

The idea is to enable applications that rely specifically on PC/SC to
be delivered as web apps instead of native apps.

The AusweisApp2[1] for instance uses APDUs and sends control commands
to tell the reader device to establish a PACE channel with the card.
It also sends another control command to detect if the reader at hand
declares PACE support in the first place, because otherwise it
implements PACE directly in the host. And then you have the browser
talking to this app. That API would enable AusweisApp2 to be a web app
for instance.

Another example is remote access (or "remote desktop") applications.
They can enable the remote system, and the applications in that remote
system, to transparently access the card reader in the computer that
is running that remote access app. That also requires PC/SC API level.

Or a web-based kiosk with a card reader that reads RFID tags/badges
and changes its Web UI accordingly.

[1] https://www.ausweisapp.bund.de/en/home





On Sat, Aug 13, 2022 at 3:25 PM Ludovic Rousseau
<ludovic.rousseau at gmail.com> wrote:
>
> Hello Daniel,
>
> Le ven. 12 août 2022 à 17:44, Daniel d'Andrada <dandrader at google.com> a écrit :
> > [1] https://chromestatus.com/feature/6411735804674048
>
> From the web page above:
> "Motivation
>
> Smart cards are popular in the enterprise and governmental sectors. A
> governmental website could identify a citizen by communicating with a
> government-issued smart ID card inserted in a card reader without the
> need of external, native, applications. Similarly, an enterprise that
> issues smart cards to their employees could authenticate them in its
> corporate website using the employee's card inserted in a smart card
> reader needing only the browser itself."
>
> This is what PKCS#11 is used for. You can do a client web
> authentication using your employee badge.
>
> Do you plan to (re)implement a PKCS#11 library equivalent (something
> like OpenSC) in JavaScript in the web page?
>
> What are the problems with the "external, native, applications"?
>
> Regards,
>
> --
>  Dr. Ludovic Rousseau
>
> _______________________________________________
> pcsclite-muscle mailing list
> pcsclite-muscle at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/pcsclite-muscle

More information about the pcsclite-muscle mailing list