[Pcsclite-muscle] Proposal for a Web API for smart cards

Martin Paljak martin at martinpaljak.net
Thu Aug 25 07:37:46 PDT 2022


Could be that the issue was “solved” from browser perspective with the introduction of native messaging extensions. This solves it for desktop browsers, at least. If there is some kind of “harmonization” inside the industry for a specific JavaScript API - even better. The use case is _very_ niche. From browser perspective - it _is_ possible to talk to smart card readers with the help of WebExtensions and native messaging, so case closed.

Where standardization _would_ make sense is mobile browsers, but that is a very long road and nothing that resembles pcsc makes sense in that world.

There are specific interfaces that get exposed - FIDO/CTAP, NDEF. Seems like asking for a block device access API, when use cases revolve around file abstraction.

Web-nfc has actually evolved somewhere, but even that deals with “files” rather than pipes/disk blocks, and for a good reason (and I personally don’t believe it is a viable thing).

For the future I’d rather start working with UWB sector-specific standards and relevant APIs that could be exposed on (mobile) browsers…

Best,
Martin

> On 25. Aug 2022, at 11:39, Sebastien Lorquet <sebastien at lorquet.fr> wrote:
> 
> Hi Daniel,
> 
> Your API feels like a very good idea (GP and PKCS11 are too applicative) and would be useful for us (we are stuck with a proprietary ActiveX running in Edge in IE mode).
> 
> However it feels a bit like XKCD #927...
> 
> It would be good however if such an API managed to enter the mainline browsers or be implementable with simple plugins that would work across all OSes and browsers. In particular Firefox (and Chrome) on Windows, which are probably the largest market share.
> 
> Sebastien
> 
>> On 17/08/2022 at 18:35, Daniel d'Andrada wrote:
>> Hi Ludovic,
>> 
>> The idea is to enable applications that rely specifically on PC/SC to
>> be delivered as web apps instead of native apps.
>> 
>> The AusweisApp2[1] for instance uses APDUs and sends control commands
>> to tell the reader device to establish a PACE channel with the card.
>> It also sends another control command to detect if the reader at hand
>> declares PACE support in the first place, because otherwise it
>> implements PACE directly in the host. And then you have the browser
>> talking to this app. That API would enable AusweisApp2 to be a web app
>> for instance.
>> 
>> Another example is remote access (or "remote desktop") applications.
>> They can enable the remote system, and the applications in that remote
>> system, to transparently access the card reader in the computer that
>> is running that remote access app. That also requires PC/SC API level.
>> 
>> Or a web-based kiosk with a card reader that reads RFID tags/badges
>> and changes its Web UI accordingly.
>> 
>> [1] https://www.ausweisapp.bund.de/en/home
>> 
>>> On Sat, Aug 13, 2022 at 3:25 PM Ludovic Rousseau
>>> <ludovic.rousseau at gmail.com> wrote:
>>> Hello Daniel,
>>> 
>>> On Fri, 12 Aug 2022 at 17:44, Daniel d'Andrada <dandrader at google.com> wrote:
>>>> [1] https://chromestatus.com/feature/6411735804674048
>>> From the web page above:
>>> "Motivation
>>> 
>>> Smart cards are popular in the enterprise and governmental sectors. A
>>> governmental website could identify a citizen by communicating with a
>>> government-issued smart ID card inserted in a card reader without the
>>> need of external, native, applications. Similarly, an enterprise that
>>> issues smart cards to their employees could authenticate them in its
>>> corporate website using the employee's card inserted in a smart card
>>> reader needing only the browser itself."
>>> 
>>> This is what PKCS#11 is used for. You can do a client web
>>> authentication using your employee badge.
>>> 
>>> Do you plan to (re)implement a PKCS#11 library equivalent (something
>>> like OpenSC) in JavaScript in the web page?
>>> 
>>> What are the problems with the "external, native, applications"?
>>> 
>>> Regards,
>>> 
>>> --
>>> Dr. Ludovic Rousseau
>>> 
>>> _______________________________________________
>>> pcsclite-muscle mailing list
>>> pcsclite-muscle at lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/pcsclite-muscle