Skip to toolbar

Community & Business Groups

Hardware Based Secure Services Community Group

Hardware token are offering secure services in the field of cryptographic operation, citizen identity and payment to native applications. This community group will analyze use cases where browser (and web application developers) could benefit from those secure services. The expected deliverables of this community group are (1) documented use cases, (2) technical requirements for implementing those secure services in user agents, (3) draft APIs, (4) group charter - integrating suggested improvements received during the W3C Hardware Security WG charter proposal review. Note : by hardware tokens, we mean technologies such as secure chips or secure elements, trusted execution environment, TPM....

Note: Community Groups are proposed and run by the community. Although W3C hosts these conversations, the groups do not necessarily represent the views of the W3C Membership or staff.

No Reports Yet Published

Learn more about publishing.

Chairs, when logged in, may publish draft and final reports. Please see report requirements.

Publish Reports

September is coming, what is next ?

The Hardware Based Secure Services has entered into an interesting phase. As the report is finalized (except few editorial issues to solve), the CG members are prototyping. The prototypes are expected to be showed during the W3C TPAC F2F meeting in September in Lisbon. The targeted audience is

  • CG members attending the meeting on monday (details to be transmitted soon on the mailing list), and
  • TPAC attendees on wednesday during a breakout session

The objective is to socialize the report and prototypes in order to get opinion from browser makers who objected to the creation of a working group on a similar scope.

 

 

Spring report activity

Since its kickoff in April 2016 the Community Group had been meeting on a regular basis, face to face, or via conference call. the Community group is now focused on the delivery of its report [1] that will include [2] :

  • use cases where hardware based token are useful for web application
  • technical description of two secure features : secure transaction confirmation and secure credential storage
  • some rationale for architectural choices

In parallel, some Community Group members are developing some proof of concept for demonstrating the feasibility of those secure services, on mobile and PC environments.

The next calls are expected to be on 12th of July and 26th of July at 14:00 UTC, call details will be sent on the mailing list, and irc channel will be #hb-secure-services. Minutes will be published on the mailing list [3], as usual.

In addition, the current report is open for any github issue or pull request from the public [4].

Just get on board and give your input !

The team (Virginie, David, Wendy, Rigo)

[1] https://rawgit.com/w3c/websec/gh-pages/hbss.html

[2] https://lists.w3.org/Archives/Public/public-hb-secure-services/2016Jun/0021.html

[3] https://lists.w3.org/Archives/Public/public-hb-secure-services/

[4] https://github.com/w3c/websec/labels/hbss

 

 

Initial workshop report

The Hardware-Based Secure Services Community Group met on the 26th and 27th of April at Morrison & Foerster’s offices in London. Read the chairs’ report and review slides presented by Gemalto, Morpho, and Deutsche Telekom.

At the workshop, we discussed two features in depth: Transaction Confirmation and Secure Credential Storage (key management). Join the CG mailing list to discuss these APIs and next steps.

CG Working Meeting, 26-27 April, London, UK

The Hardware-Based Secure Services CG will hold a working meeting 26-27 April, in London, to develop use cases and draft designs. Please see the workshop page for more information and to register your interest.

Objective of the meeting : The meeting will target 3 objectives : (1) describe use cases for the Hardware-Based Secure Services among the selected fields of identity/crypto/payment, (2) identify first technical requirements (including security and privacy ones), and (3) draft initial API(s) to address those use cases. We welcome demonstrations and and contributions of existing designs or prototypes.

 

Call for Participation in Hardware Based Secure Services Community Group

The Hardware Based Secure Services Community Group has been launched:


Hardware token are offering secure services in the field of cryptographic operation, citizen identity and payment to native applications. This community group will analyze use cases where browser (and web application developers) could benefit from those secure services. The expected deliverables of this community group are (1) documented use cases, (2) technical requirements for implementing those secure services in user agents, (3) draft APIs, (4) group charter – integrating suggested improvements received during the W3C Hardware Security WG charter proposal review.
Note : by hardware tokens, we mean technologies such as secure chips or secure elements, trusted execution environment, TPM….


In order to join the group, you will need a W3C account. Please note, however, that W3C Membership is not required to join a Community Group.

This is a community initiative. This group was originally proposed on 2016-04-02 by Virginie GALINDO. The following people supported its creation: Virginie GALINDO, Wendy Seltzer, Jeffrey Sonstein, Olivier Potonniée, Wayne Carr. W3C’s hosting of this group does not imply endorsement of the activities.

The group must now choose a chair. Read more about how to get started in a new group and good practice for running a group.

We invite you to share news of this new group in social media and other channels.

If you believe that there is an issue with this group that requires the attention of the W3C staff, please email us at site-comments@w3.org

Thank you,
W3C Community Development Team