Bug 24077 - Use of cryptographic tokens with WebKit
: Use of cryptographic tokens with WebKit
Status: UNCONFIRMED
: WebKit
New Bugs
: 528+ (Nightly build)
: All All
: P2 Enhancement
Assigned To:
:
: InRadar, ReviewedForRadar
:
:
  Show dependency treegraph
 
Reported: 2009-02-21 17:40 PST by
Modified: 2013-03-07 12:51 PST (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-02-21 17:40:19 PST
Hello, according to the European Law, which affects to all countries in European Union, citizens must be able to perform procedures with public administration using the Web.
In Europe, the Administration is much more important than in USA or any other non "social" (not socialist) political systems.
The most spreaded system to identity citizens available is the use of cryptographic tokens.
With Internet Explorer those tokens can be embedded using a secure Active X component based on Crypto API. Firefox has a great integration with the standard PKCS and has some custom Javascript functions to sign content.
Another option is to use a Java Applet. This is not the best option because most users have not the computing knowledge to install properly a JRE, even when this installation is done automatically. Moreover, when users have a Java desktop application, most of times the new JRE makes that software unusable. Finally, when the JRE uses PKCS it must open a system library so there is an important security concern.

As Public Administration we should give the chance to the citizen to use the preferred browser and operating system. The problem we (Balearic Islands Government) face is that it is not possible for as to add Cryptographic Token signature capabilities to authenticate our citizens without using Java. 
We would like Apple, Google and other companies that use WebKit to add Javascript functions to use Cryptographic Tokens in Macintosh, Windows and hopefully, Linux.

From our point of view the usage of Cryptographic tokens will be widely used by most of "social" (the opposite of "individualist", not "capitalist") countries.

Hope you add this enhancement so as we could allow Mac, Safari and Chrome users to our services without the usage of Java

Yours faithfully,
Pau Carré Cardona
------- Comment #1 From 2009-02-22 13:58:26 PST -------
<rdar://problem/6611526>
------- Comment #2 From 2009-12-24 04:54:28 PST -------
That would be great if PKCS11 support will be added for SmartCard Login. How can this be done?
------- Comment #3 From 2009-12-24 09:50:20 PST -------
Safari supports client-side SSL certificates, which are commonly used to authenticate users securely. Does this address your need? If not, could you please provide more information about the specific technology you'd like us to support? A link to documentation would help a lot.
------- Comment #4 From 2010-01-01 08:00:09 PST -------
Hi, Safari will not help for 2 reasons:
- it uses the OS native SmartCard layer (Windows CSP, Mac Token D) 
- there is no port for Linux

We would need to have a Cross platform Browser with PKC11 support. Like Firefox. We are now using Firefox but the overhead of features, size and not SDKable is a short term solution.

As we are using QT and WebKit we would like to switch to this framework in order to build a secure browser with SmartCard Login support. The only missing piece is out of the box PKCS11 support in the WebKit