Not mentioned above but included in the explainer: To mitigate some of the obvious security concerns this API will only be available to Isolated Web Apps <https://github.com/WICG/isolated-web-apps>. Reilly Grant | Software Engineer | [email protected] | Google Chrome <https://www.google.com/chrome>
On Wed, Sep 21, 2022 at 8:00 AM 'Daniel d'Andrada' via blink-dev < [email protected]> wrote: > Contact [email protected] > > Explainerhttps://github.com/dandrader/web-smart-card/blob/main/README.md > > Summary > > Enables smart card (PC/SC) applications to move to the Web platform. It > gives them access to the PC/SC implementation (and card reader drivers) > available in the host OS. > > > Blink componentBlink > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> > > Motivation > > While there are other APIs that provide the right level of abstraction and > security properties for identity on the Web, such as WebAuthn, there are > domain-specific functions which can't be captured by such higher-level > APIs. A remote access (aka "remote desktop") web app letting the remote > machine access the host's card reader as if it were directly connected to > it. Enabling PC/SC applications on that remote machine to work without > modification, unaware that the card reader is not local. A web-based kiosk > could read even simple RFID badges via PC/SC and then display relevant > information on a screen. It's also not uncommon for such readers to need > control commands to put them into the proper state for reading the > particular type of card the application supports. > > > Initial public proposalhttps://github.com/WICG/proposals/issues/64 > > TAG review statusPending > > Risks > > > Interoperability and Compatibility > > > > *Gecko*: No signal > > *WebKit*: No signal > > *Web developers*: No signals > > *Other signals*: PC/SC developers. Generally positive. (see e-mail thread > <http://lists.infradead.org/pipermail/pcsclite-muscle/2022-August/001282.html> > ) > > WebView application risks > *Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications?* > > No > > > > Debuggability > > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ?No > > Flag nameSmartCard > > Requires code in //chrome?Yes. Similarly to other device APIs like WebHID > and WebUSB. > > Estimated milestones > > No milestones specified > > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/6411735804674048 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BenBd9j9Ucy-BKqfQSk9hZxVG6-qm4H6X3%3DxT9U86KpiOpKeA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMYxMMrDnKwLFXCe4TdPGkLh3ObNGC0mvte9FtumJ6toig%40mail.gmail.com.
