Today the W3C announced a Workshop on Web Cryptography Next Steps, focused on authentication, hardware tokens, and next steps for cryptography on the Web. The workshop will be hosted by Microsoft on 10-11 September 2014, and will be sponsored by Google and Tyfone.
Many projects and companies are now requiring high security Web applications with improved authentication, and the W3C is positioned to enable technologies ranging from multi-factor authentication to smartcard-based authentication available to Web Applications. For an example of new relevant work, the Web Cryptography API will soon expose standardized cryptographic functionality to Web Applications across all major browsers. Possible topics include, but are not limited to the following:
- Multi-factor authentication and Web Applications
- The use of smartcards and other hardware tokens (dongles, SIM cards) with the Web Cryptography API
- Interactions of various identity systems with the Web Cryptography API and other APIs
- National eID schemes and Web applications
- Use-cases in high-value environments such as the financial industry and government
- Improving authentication using the Web Cryptography API
- Security analysis of APIs, including but not limited to the Web Cryptography API
- Issues around safe and secure private key storage
- Making APIs in this area developer-friendly
W3C membership is not required to participate. The event is open to all, but all participants are required to submit a position paper or statement of interest by 18 July 2014.