ACTION-25: Formalize that when we have a key handle, operations on the key should apply on the source of the key
Formalize that when we have a key handle, operations on the key should apply on the source of the key
- State:
- closed
- Person:
- Wan-Teh Chang
- Due on:
- August 1, 2012
- Created on:
- July 25, 2012
- Related emails:
- No related emails
Related notes:
Searching for "provider" (as in cryptographic provider) in the specification, I
found that it is only mentioned in the non-normative Scope section. So I decided
to clarify this point in the Scope section.
At the end of the paragraph:
Additionally, rather than designing an API around cryptographic providers
or modules, the API is focused specifically around keys and opaque key
handles, which may or may not expose the underlying raw cryptographic keying
material to the application. The intent behind this is to allow an API that
is generic enough to allow conformant user agents to expose keys that are
stored within secure elements, if desired, but in such a manner that rich
web applications will not have to be coded with specific knowledge of the
key storage mechanism or its implementation details.
I added:
Although the API does not expose the notion of cryptographic providers or
modules, each key is internally bound to a cryptographic provider or module,
so web applications can rest assured that the right cryptographic provider
or module will be used to perform cryptographic operations involving that
key.
Display change log.