Overview.html
author "arangana <arun@mozilla.com>"
Thu, 05 Sep 2013 16:53:47 -0400
changeset 44 8d2331fc36f9
parent 43 4b378b7a24a2
child 45 7ac5c1a565b7
permissions -rw-r--r--
PubReady Tweaks
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
     1
<!DOCTYPE html>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     2
<html lang="en" dir="ltr" typeof="bibo:Document w3p:NOTE" about="" property="dcterms:language" content="en" prefix="bibo: http://purl.org/ontology/bibo/ w3p: http://www.w3.org/2001/02pd/rec54#">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     3
<head>
0
c0c67c2a2f92 Added the files for the first time
"Arun Ranganathan <arun@mozilla.com>"
parents:
diff changeset
     4
    <title>Web Cryptography API Use Cases</title>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     5
    <meta charset="utf-8">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     6
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     7
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     8
  <style>/*****************************************************************
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
     9
 * ReSpec 3 CSS
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    10
 * Robin Berjon - http://berjon.com/
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    11
 *****************************************************************/
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
    12
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    13
/* --- INLINES --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    14
em.rfc2119 { 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    15
    text-transform:     lowercase;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    16
    font-variant:       small-caps;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    17
    font-style:         normal;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    18
    color:              #900;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    19
}
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
    20
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    21
h1 acronym, h2 acronym, h3 acronym, h4 acronym, h5 acronym, h6 acronym, a acronym,
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    22
h1 abbr, h2 abbr, h3 abbr, h4 abbr, h5 abbr, h6 abbr, a abbr {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    23
    border: none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    24
}
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
    25
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    26
dfn {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    27
    font-weight:    bold;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    28
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    29
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    30
a.internalDFN {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    31
    color:  inherit;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    32
    border-bottom:  1px solid #99c;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    33
    text-decoration:    none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    34
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    35
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    36
a.externalDFN {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    37
    color:  inherit;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    38
    border-bottom:  1px dotted #ccc;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    39
    text-decoration:    none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    40
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    41
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    42
a.bibref {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    43
    text-decoration:    none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    44
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    45
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    46
cite .bibref {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    47
    font-style: normal;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    48
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    49
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    50
code {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    51
    color:  #ff4500;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    52
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    53
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    54
/* --- TOC --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    55
.toc a, .tof a {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    56
    text-decoration:    none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    57
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    58
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    59
a .secno, a .figno {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    60
    color:  #000;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    61
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    62
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    63
ul.tof, ol.tof {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    64
    list-style: none outside none;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    65
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    66
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    67
.caption {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    68
    margin-top: 0.5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    69
    font-style:   italic;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    70
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    71
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    72
/* --- TABLE --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    73
table.simple {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    74
    border-spacing: 0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    75
    border-collapse:    collapse;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    76
    border-bottom:  3px solid #005a9c;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    77
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    78
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    79
.simple th {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    80
    background: #005a9c;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    81
    color:  #fff;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    82
    padding:    3px 5px;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    83
    text-align: left;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    84
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    85
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    86
.simple th[scope="row"] {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    87
    background: inherit;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    88
    color:  inherit;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    89
    border-top: 1px solid #ddd;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    90
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    91
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    92
.simple td {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    93
    padding:    3px 10px;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    94
    border-top: 1px solid #ddd;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    95
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    96
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    97
.simple tr:nth-child(even) {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    98
    background: #f0f6ff;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
    99
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   100
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   101
/* --- DL --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   102
.section dd > p:first-child {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   103
    margin-top: 0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   104
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   105
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   106
.section dd > p:last-child {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   107
    margin-bottom: 0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   108
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   109
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   110
.section dd {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   111
    margin-bottom:  1em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   112
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   113
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   114
.section dl.attrs dd, .section dl.eldef dd {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   115
    margin-bottom:  0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   116
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   117
</style><style>/* --- EXAMPLES --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   118
div.example-title {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   119
    min-width: 7.5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   120
    color: #b9ab2d;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   121
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   122
div.example-title span {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   123
    text-transform: uppercase;   
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   124
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   125
aside.example, div.example, div.illegal-example {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   126
    padding: 0.5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   127
    margin: 1em 0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   128
    position: relative;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   129
    clear: both;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   130
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   131
div.illegal-example { color: red }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   132
div.illegal-example p { color: black }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   133
aside.example, div.example {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   134
    padding: .5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   135
    border-left-width: .5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   136
    border-left-style: solid;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   137
    border-color: #e0cb52;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   138
    background: #fcfaee;    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   139
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   140
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   141
aside.example div.example {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   142
    border-left-width: .1em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   143
    border-color: #999;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   144
    background: #fff;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   145
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   146
aside.example div.example div.example-title {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   147
    color: #999;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   148
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   149
</style><style>/* --- ISSUES/NOTES --- */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   150
div.issue-title, div.note-title {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   151
    padding-right:  1em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   152
    min-width: 7.5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   153
    color: #b9ab2d;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   154
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   155
div.issue-title { color: #e05252; }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   156
div.note-title { color: #2b2; }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   157
div.issue-title span, div.note-title span {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   158
    text-transform: uppercase;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   159
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   160
div.note, div.issue {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   161
    margin-top: 1em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   162
    margin-bottom: 1em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   163
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   164
.note > p:first-child, .issue > p:first-child { margin-top: 0 }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   165
.issue, .note {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   166
    padding: .5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   167
    border-left-width: .5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   168
    border-left-style: solid;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   169
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   170
div.issue, div.note {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   171
    padding: 1em 1.2em 0.5em;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   172
    margin: 1em 0;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   173
    position: relative;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   174
    clear: both;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   175
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   176
span.note, span.issue { padding: .1em .5em .15em; }
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   177
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   178
.issue {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   179
    border-color: #e05252;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   180
    background: #fbe9e9;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   181
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   182
.note {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   183
    border-color: #52e052;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   184
    background: #e9fbe9;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   185
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   186
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   187
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   188
</style><style>/* HIGHLIGHTS */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   189
code.prettyprint {
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   190
    color:  inherit;
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   191
}
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   192
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   193
/* this from google-code-prettify */
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   194
.pln{color:#000}@media screen{.str{color:#080}.kwd{color:#008}.com{color:#800}.typ{color:#606}.lit{color:#066}.pun,.opn,.clo{color:#660}.tag{color:#008}.atn{color:#606}.atv{color:#080}.dec,.var{color:#606}.fun{color:red}}@media print,projection{.str{color:#060}.kwd{color:#006;font-weight:bold}.com{color:#600;font-style:italic}.typ{color:#404;font-weight:bold}.lit{color:#044}.pun,.opn,.clo{color:#440}.tag{color:#006;font-weight:bold}.atn{color:#404}.atv{color:#060}}ol.linenums{margin-top:0;margin-bottom:0}li.L0,li.L1,li.L2,li.L3,li.L5,li.L6,li.L7,li.L8{list-style-type:none}li.L1,li.L3,li.L5,li.L7,li.L9{background:#eee}
44
8d2331fc36f9 PubReady Tweaks
"arangana <arun@mozilla.com>"
parents: 43
diff changeset
   195
</style><link rel="stylesheet" href="http://www.w3.org/StyleSheets/TR/W3C-WG-NOTE" /></head>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   196
  <body class="h-entry" role="document" id="respecDocument"><div class="head" role="contentinfo" id="respecHeader">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   197
  <p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   198
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   199
      <a href="http://www.w3.org/"><img width="72" height="48" src="https://www.w3.org/Icons/w3c_home" alt="W3C"></a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   200
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   201
  </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   202
  <h1 class="title p-name" id="title" property="dcterms:title">Web Cryptography API Use Cases</h1>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   203
  
43
4b378b7a24a2 PubReady Tweaks
"arangana <arun@mozilla.com>"
parents: 42
diff changeset
   204
  <h2 property="dcterms:issued" datatype="xsd:dateTime" content="2013-08-22T19:09:42.000Z" id="w3c-working-group-note-10-september-2013"><abbr title="World Wide Web Consortium">W3C</abbr> Working Group Note <time class="dt-published" datetime="2013-09-10">10 September 2013</time></h2>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   205
  <dl>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   206
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   207
      <dt>This version:</dt>
43
4b378b7a24a2 PubReady Tweaks
"arangana <arun@mozilla.com>"
parents: 42
diff changeset
   208
      <dd><a class="u-url" href="http://www.w3.org/TR/2013/NOTE-webcrypto-usecases-20130827/">http://www.w3.org/TR/2013/NOTE-webcrypto-usecases-20130910/</a></dd>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   209
      <dt>Latest published version:</dt>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   210
      <dd><a href="http://www.w3.org/TR/webcrypto-usecases/">http://www.w3.org/TR/webcrypto-usecases/</a></dd>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   211
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   212
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   213
      <dt>Latest editor's draft:</dt>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   214
      <dd><a href="https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/tip/Overview.html">https://dvcs.w3.org/hg/webcrypto-usecases/raw-file/tip/Overview.html</a></dd>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   215
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   216
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   217
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   218
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   219
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   220
      <dt>Previous version:</dt>
41
819335fae857 PubReady Prev Link Updated
"arangana <arun@mozilla.com>"
parents: 40
diff changeset
   221
      <dd><a rel="dcterms:replaces" href="http://www.w3.org/TR/2013/WD-webcrypto-usecases-20130108/">http://www.w3.org/TR/2013/WD-webcrypto-usecases-20130108/</a></dd>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   222
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   223
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   224
    <dt>Editor:</dt>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   225
    <dd class="p-author h-card vcard" rel="bibo:editor" inlist=""><span typeof="foaf:Person"><a class="u-url url p-name fn" rel="foaf:homepage" property="foaf:name" content="Arun Ranganathan" href="http://arunranga.com">Arun Ranganathan</a>, <a rel="foaf:workplaceHomepage" class="p-org org h-org h-card" href="http://www.mozilla.org/">Mozilla</a></span>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   226
</dd>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   227
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   228
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   229
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   230
  </dl>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   231
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   232
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   233
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   234
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   235
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   236
      <p class="copyright">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   237
        <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> ©
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   238
        2013
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   239
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   240
        <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   241
        (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>,
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   242
        <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>,
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   243
        <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>), All Rights Reserved.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   244
        <abbr title="World Wide Web Consortium">W3C</abbr> <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   245
        <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   246
        <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   247
      </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   248
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   249
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   250
  <hr>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   251
</div>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   252
    <section id="abstract" class="introductory" property="dcterms:abstract" datatype="" typeof="bibo:Chapter" resource="#abstract" rel="bibo:chapter"><h2 aria-level="1" role="heading" id="h2_abstract">Abstract</h2><p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   253
      This document is NOT a recommendation track document, and should be read as an informative overview of the target use cases for a cryptographic API for the web. These use cases, described as scenarios, represent some of the set of expected functionality that may be achieved by the Web Cryptography API [<cite><a class="bibref" href="#bib-WebCryptoAPI">WebCryptoAPI</a></cite>]  which provides an API for cryptographic operations such as encryption and decryption, and the Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>], which specifically covers the ability to access cryptographic keys that have been pre-provisioned. As both APIs are under construction, the reader should consult each specification for changes, and should treat sample code provided here as illustrative only. Presented here are primary use cases, showing what the working group hopes to achieve first. 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   254
    </p></section><section id="sotd" class="introductory" typeof="bibo:Chapter" resource="#sotd" rel="bibo:chapter"><h2 aria-level="1" role="heading" id="h2_sotd">Status of This Document</h2>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   255
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   256
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   257
      
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   258
        <p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   259
          <em>This section describes the status of this document at the time of its publication. Other
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   260
          documents may supersede this document. A list of current <abbr title="World Wide Web Consortium">W3C</abbr> publications and the latest revision
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   261
          of this technical report can be found in the <a href="http://www.w3.org/TR/"><abbr title="World Wide Web Consortium">W3C</abbr> technical reports
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   262
          index</a> at http://www.w3.org/TR/.</em>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   263
        </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   264
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   265
        <p>
43
4b378b7a24a2 PubReady Tweaks
"arangana <arun@mozilla.com>"
parents: 42
diff changeset
   266
          This document was published by the <a href="http://www.w3.org/2012/webcrypto/">Web Cryptography Working Group</a> as a Working Group Note.
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   267
          
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   268
          
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   269
          If you wish to make comments regarding this document, please send them to 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   270
          <a href="mailto:public-webcrypto@w3.org">public-webcrypto@w3.org</a> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   271
          (<a href="mailto:public-webcrypto-request@w3.org?subject=subscribe">subscribe</a>,
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   272
          <a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>).
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   273
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   274
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   275
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   276
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   277
            All comments are welcome.</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   278
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   279
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   280
          <p>
43
4b378b7a24a2 PubReady Tweaks
"arangana <arun@mozilla.com>"
parents: 42
diff changeset
   281
            Publication as a Working Group Note does not imply endorsement by the <abbr title="World Wide Web Consortium">W3C</abbr> Membership.
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   282
            This is a draft document and may be updated, replaced or obsoleted by other documents at 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   283
            any time. It is inappropriate to cite this document as other than work in progress.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   284
          </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   285
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   286
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   287
        <p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   288
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   289
            This document was produced by a group operating under the 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   290
             
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   291
                <a id="sotd_patent" about="" rel="w3p:patentRules" href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   292
            
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   293
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   294
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   295
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   296
            
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   297
              <abbr title="World Wide Web Consortium">W3C</abbr> maintains a <a href="" rel="disclosure">public list of any patent disclosures</a> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   298
            
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   299
            made in connection with the deliverables of the group; that page also includes instructions for 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   300
            disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   301
            <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential Claim(s)</a> must disclose the
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   302
            information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   303
            6 of the <abbr title="World Wide Web Consortium">W3C</abbr> Patent Policy</a>.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   304
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   305
          
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   306
        </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   307
        
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   308
      
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   309
    
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   310
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   311
</section><section id="toc"><h2 class="introductory" aria-level="1" role="heading" id="h2_toc">Table of Contents</h2><ul class="toc" role="directory" id="respecContents"><li class="tocline"><a href="#nonGoals" class="tocxref"><span class="secno">1. </span>Some Non-Goals</a></li><li class="tocline"><a href="#reqs" class="tocxref"><span class="secno">2. </span>Requirements Covered By Use Cases</a></li><li class="tocline"><a href="#use-case-scenarios" class="tocxref"><span class="secno">3. </span>Use Case Scenarios</a><ul class="toc"><li class="tocline"><a href="#banking-transactions" class="tocxref"><span class="secno">3.1 </span>Banking Transactions</a></li><li class="tocline"><a href="#authenticated-video-services" class="tocxref"><span class="secno">3.2 </span>Authenticated Video Services</a></li><li class="tocline"><a href="#code-sanctity-and-bandwidth-saver" class="tocxref"><span class="secno">3.3 </span>Code Sanctity and Bandwidth Saver</a></li><li class="tocline"><a href="#encrypted-communications-via-webmail" class="tocxref"><span class="secno">3.4 </span>Encrypted Communications via Webmail</a></li><li class="tocline"><a href="#off-the-record-real-time-messaging" class="tocxref"><span class="secno">3.5 </span>Off The Record Real Time Messaging</a></li><li class="tocline"><a href="#documents-in-the-cloud" class="tocxref"><span class="secno">3.6 </span>Documents In The Cloud</a></li><li class="tocline"><a href="#browserid-use-of-cryptography-for-identity-protocols" class="tocxref"><span class="secno">3.7 </span>BrowserID: Use of Cryptography for Identity Protocols</a></li></ul></li><li class="tocline"><a href="#acknowledgements" class="tocxref"><span class="secno">A. </span>Acknowledgements</a></li><li class="tocline"><a href="#references" class="tocxref"><span class="secno">B. </span>References</a><ul class="toc"><li class="tocline"><a href="#informative-references" class="tocxref"><span class="secno">B.1 </span>Informative references</a></li></ul></li></ul></section>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   312
    <section id="nonGoals" typeof="bibo:Chapter" resource="#nonGoals" rel="bibo:chapter">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   313
      <!--OddPage--><h2 aria-level="1" role="heading" id="h2_nonGoals"><span class="secno">1. </span>Some Non-Goals</h2>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   314
      <p>Certain popular use cases for cryptography on the web do not correspond to the combined capabilities of the Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>] or the Web Cryptography API [<cite><a class="bibref" href="#bib-WebCryptoAPI">WebCryptoAPI</a></cite>], and these use cases are not addressed here.  These include:
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   315
      </p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   316
      <ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   317
        <li><p>Any use case requiring a relaxation or violation of the same-origin policy in JavaScript, implemented by all the major web browsers [<cite><a class="bibref" href="#bib-HTML">HTML</a></cite>].  This includes use cases that require direct access to cryptographic material that is not domain-specific from a key store that is not domain specific.  Currently, certain banking transactions require citizens to obtain certificates that are centrally issued, and that are user specific yet not domain specific, and that are used by multiple institutions, each having separate domains, each of which can call upon a hardware-based cryptographic material store.  Such use cases aren't directly addressed by the combination of the Web Cryptography API [<cite><a class="bibref" href="#bib-WebCryptoAPI">WebCryptoAPI</a></cite>] or the Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>].  Instead, use cases that require cryptographic material to be shared between domains can leverage cross-origin messaging [<cite><a class="bibref" href="#bib-HTML">HTML</a></cite>] and the structured clonability of key objects in JavaScript [<cite><a class="bibref" href="#bib-WebCryptoAPI">WebCryptoAPI</a></cite>], or the importing and exporting of cryptographic keys across domains; such use cases <em>are</em> covered in this document.  Another use case not addressed here for the same reason is the case of a centrally issued electronic identity (eID) that exposes a certificate chain to web applications for use with digital signatures.</p> </li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   318
        <li><p>Any use case that expressly requires the use of auxiliary cryptographic hardware, including smart cards or USB dongles.  Other standardization activities may provide mechanisms for these technologies to interact with web applications, but such use cases fall beyond the scope of this document.  Examples of this type of use case include "advanced electronic signatures" which rely on certificates issued on secure hardware by certifying authorities, typically acting under the aegis of state governments.</p></li>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   319
      </ol>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   320
    </section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   321
    <section id="reqs" typeof="bibo:Chapter" resource="#reqs" rel="bibo:chapter">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   322
      <!--OddPage--><h2 aria-level="1" role="heading" id="h2_reqs"><span class="secno">2. </span>Requirements Covered By Use Cases</h2>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   323
      <p>This section presents required features of a cryptographic API, particularly the features that this use cases document will rely on.  It is possible that there is more than one algorithm and more than one mechanism to accomplish each of these features.  The section presents code names for each of the features, which will be used alongside each scenario, illustrating which feature is used.  The term <dfn id="document">document</dfn> is used to refer to any data exchange format usable within HTML [<cite><a class="bibref" href="#bib-HTML">HTML</a></cite>] web applications, which ranges from plain text to images and videos, inclusive of marked-up formats.</p>
0
c0c67c2a2f92 Added the files for the first time
"Arun Ranganathan <arun@mozilla.com>"
parents:
diff changeset
   324
    <ul>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   325
      <li><p><dfn title="digest" id="digest">DIGEST</dfn>, the ability to perform a cryptographic hash, where an algorithm that takes an arbitrary block of data returns a fixed-size bit sequence, called the <dfn id="hash-value">hash value</dfn>, such that any change to the block of data changes the hash value.</p></li>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   326
      <li><p><dfn title="mac" id="mac">MAC</dfn>, the ability to generate a <em>message authentication code</em>, using an algorithm, with <dfn id="hmac">HMAC</dfn> being a specific kind of message authentication code, with a specific algorithm.</p></li>
37
5765a3364579 Cleaned up document and changed key discovery examples
"arangana <arun@mozilla.com>"
parents: 36
diff changeset
   327
      <li><p><dfn title="sign" id="sign">SIGN</dfn>, the ability to digitally sign a document with a private key, such that upon verification of the signature with the corresponding public key, the document's authenticity from the point of view of the signature can be determined.  </p></li>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   328
      <li><p><dfn title="verify" id="verify">VERIFY</dfn>, the ability to verify a digitally signed document, as well as verify a MAC or HMAC.</p></li>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   329
      <li><p><dfn title="encrypt" id="encrypt">ENCRYPT</dfn>, the ability to encode a document using an encryption algorithm.  <dfn id="encrypt-sym">ENCRYPT-SYM</dfn> is a specific type of encryption using symmetric cryptographic keys, and <dfn id="encrypt-assym">ENCRYPT-ASSYM</dfn> is a specific type of encryption using assymetric cryptographic keys, typically a public and private key pair.</p></li> 
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   330
      <li><p><dfn title="decrypt" id="decrypt">DECRYPT</dfn>, the ability to decrypt a digitally signed document.  <dfn id="decrypt-sym">DECRYPT-SYM</dfn> is a specific type of decryption using symmetric keys, and <dfn id="decrypt-assym">DECRYPT-ASSYM</dfn> is a specific type of decryption using assymetric keys, typically a public and private key pair.</p></li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   331
      <li><p><dfn title="derive" id="derive">DERIVE</dfn>, the ability to derive a key or key pair used in cryptographic operations, starting with a base key, and factors such as algorithms appropriate for key derivation; <dfn id="derive-assym">DERIVE-ASSYM</dfn> is the ability to derive assymetric keys, typically a public and private key pair, for use with assymetric cryptographic operations, and <dfn id="derive-sym">DERIVE-SYM</dfn> is the ability to derive a symmetric key for use with symmetric cryptographic operations.</p></li>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   332
      <li><p><dfn title="keygen" id="keygen">KEYGEN</dfn>, the ability to generate a key or key pair used in cryptographic operations, without an initial base key, and using factors such as the entropy of the computing system and algorithms appropriate for key or key pair generation; <dfn id="keygen-assym">KEYGEN-ASSYM</dfn> is the ability to generate assymetric keys, typically a public and private key pair, for use with assymetric cryptographic operations, and <dfn id="keygen-sym">KEYGEN-SYM</dfn> is the ability to derive a symmetric key for use with symmetric cryptographic operations.</p></li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   333
      <li><p><dfn title="import" id="import">IMPORT</dfn>, the ability to import a key or key pair that have already been created elsewhere, for use within the web application that is invoking the import function, for use within the importing web application's origin.  This necessiates an interoperable key format, such as JSON Web Key [<cite><a class="bibref" href="#bib-JWK">JWK</a></cite>] which may be represented as octets.</p></li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   334
      <li><p><dfn title="export" id="export">EXPORT</dfn>, the ability to export a key or key pair that can be accessed from within the application that is invoking the export function.  This necessiates an interoperable key format, such as JSON Web Key [<cite><a class="bibref" href="#bib-JWK">JWK</a></cite>] which may be represented as octets, that other web applications can then import.</p></li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   335
      <li><p><dfn title="keyex" id="keyex">KEYEX</dfn>, the ability for two entities to exchange key(s) without interception by a third party, with <dfn id="keyex-dh">KEYEX-DH</dfn> representing Diffie-Hellman key exchange, a common application of safe key exchange. </p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   336
      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_1"><span>Note</span></div><div class="">This feature doesn't imply that every aspect of key exchange is covered, since much of key exchange often includes a network component, which isn't covered by the API.  The <a title="derive" href="#derive" class="internalDFN">DERIVE</a> feature, coupled with an a network exchange of key data outside the scope of this API, may be all that is required.</div></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   337
      </li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   338
      <li><p><dfn title="keycall" id="keycall">KEYCALL</dfn>, the ability to access a particular key (or key pair) from within a web application's key storage, which is within the web application's origin only, and has been generated, derived, or imported by that web application.  Here, the key storage might be IndexedDB [<cite><a class="bibref" href="#bib-INDEXEDDB">INDEXEDDB</a></cite>] or <code>localStorage</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>].  This feature should be compared and contrasted with <a title="namedkey" href="#namedkey" class="internalDFN">NAMEDKEY</a>.</p></li>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   339
      <li><p><dfn title="sym" id="sym">-SYM</dfn>, an abbreviation for <em>symmetric key cryptographic operations</em>, used in this document as a suffix to other features to specifically clarify the feature being invoked by the web application.</p></li>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   340
      <li><p><dfn title="assym" id="assym">-ASSYM</dfn>, an abbreviation for <em>assymetric key cryptographic operations</em>, typically involving a public and private key pair, used in this document as a suffix to other features to specifically clarify the feature being invoked by the web application.</p></li>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   341
      <li><p><dfn title="random" id="random">RANDOM</dfn>, the ability to generate cryptographically secure random numbers.</p></li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   342
      <li><p><dfn title="JSONWebKey" id="JSONWebKey">JWK</dfn>, the ability to represent public keys in the JSON Web Key format [<cite><a class="bibref" href="#bib-JWK">JWK</a></cite>].  JWK keys can be imported [<a title="import" href="#import" class="internalDFN">IMPORT</a>] and exported [<a title="export" href="#export" class="internalDFN">EXPORT</a>].</p></li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   343
      <li><p><dfn title="wrap" id="wrap">WRAP</dfn> which allows a web application to use a key to <em>wrap another key</em>, so that the wrapped key can be unwrapped by a party with the corresponding wrapping key.  While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript. <dfn title="wrap-sym" id="wrap-sym">WRAP-SYM</dfn> refers to symmetric key wrapping, and <dfn title="wrap-assym" id="dfn-wrap-assym">WRAP-ASSYM</dfn> refers to assymetric key wrapping.</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   344
      </li><li><p><dfn id="unwrap">UNWRAP</dfn> which allows a web application to use a key to unwrap another encrypted key or key pair, which can then be used in standard cryptographic operations.  While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript.  <dfn id="unwrap-sym" title="unwrap-sym">UNWRAP-SYM</dfn> refers to symmetric unwrapping, and <dfn id="unwrap-assym" title="unwrap-assym">UNWRAP-ASSYM</dfn> refers to assymetric unwrapping.</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   345
      <div class="issue"><div class="issue-title" aria-level="2" role="heading" id="h_issue_1"><span>Issue 1</span></div><div class=""><p>This feature is subject to discussion. See <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a> logged by the WebCrypto WG.</p></div></div>
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   346
    </li>
24
fd25e9ba869b Fixed broken links and ercim.eu
"arangana <arun@mozilla.com>"
parents: 23
diff changeset
   347
      <li><p><dfn id="namedkey">NAMEDKEY</dfn> which allows an application in JavaScript to discover a <dfn id="pre-prov">pre-provisioned</dfn> key within the scope of the application's origin, which exists at the time of the application's first invocation, and has not been derived, generated or imported by the application using any of the features listed above; such keys may have been provisioned by a device manufacturer, for example, and the JavaSript application can access them for initial authorization and authentication at time of first invocation. </p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   348
      <div class="note"><div class="note-title" aria-level="2" role="heading" id="h_note_2"><span>Note</span></div><div class=""><p>This feature is developed in the Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>].</p></div></div>
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   349
    </li>
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   350
  </ul>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   351
    </section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   352
    <section id="use-case-scenarios">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   353
      <!--OddPage--><h2 aria-level="1" role="heading" id="h2_use-case-scenarios"><span class="secno">3. </span>Use Case Scenarios</h2>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   354
      <p>This section collates use case scenarios that leverages the WebCrypto API [<cite><a class="bibref" href="#bib-WebCryptoAPI">WebCryptoAPI</a></cite>] or the Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>]; in particular, these use cases leverage all the features listed above as <a href="#reqs">requirements</a>.  Where possible, sample code is provided, and should be considered illustrative only, since the underlying API specifications are changing.</p>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   355
    
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   356
      <section id="banking-transactions">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   357
      <h3 aria-level="2" role="heading" id="h3_banking-transactions"><span class="secno">3.1 </span>Banking Transactions</h3>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   358
      <p>Park Jae-sang opens up a bank account with Gangnam Bank, and wishes to log-in and engage in online transactions, including account balance checking, online payments (with some automated scheduled payments), and account transfers between domestic and investment accounts.  The first time Park logs in to the Gangnam Bank website (abbreviated "GB") with a temporary verification code sent to his cell phone, the bank asks him to ascertain if the browser he is using is not at a kiosk; moreover, he is asked if it is a web browser and machine configuration he will use often.</p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   359
      <p>He confirms that it is.  The GB web site then generates a public key/private key pair and stores the key pair in client-side storage, along with a one-time key escrow by the bank.  Additionally, Jae-sang is presented with the bank's public key, such that documents issued by the bank can be verified and decrypted.  Jae-sang is also presented with a user guide that explains the validity period of the key pair, and for how long they will persist.  [<a title="keygen" href="#keygen" class="internalDFN">KEYGEN-ASSYM</a>].</p>
34
ebe63375c830 Cleaned up respec hyperlinks as well as took into account Karen nits
"arangana <arun@mozilla.com>"
parents: 33
diff changeset
   360
      <p>GB may generate assymetric keys as in the example below. </p>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   361
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   362
      <div class="example"><div class="example-title"><span>Example 1</span></div><pre class="example hightlight prettyprint"><span class="com">// Algorithm Object</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   363
</span><span class="kwd">var</span><span class="pln"> algorithmKeyGen </span><span class="pun">=</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   364
name</span><span class="pun">:</span><span class="pln"> </span><span class="str">"RSASSA-PKCS1-v1_5"</span><span class="pun">,</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   365
</span><span class="com">// RsaKeyGenParams</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   366
  </span><span class="kwd">params</span><span class="pun">:</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   367
    modulusLength</span><span class="pun">:</span><span class="pln"> </span><span class="lit">2048</span><span class="pun">,</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   368
    publicExponent</span><span class="pun">:</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> </span><span class="typ">Uint8Array</span><span class="pun">([</span><span class="lit">0x01</span><span class="pun">,</span><span class="pln"> </span><span class="lit">0x00</span><span class="pun">,</span><span class="pln"> </span><span class="lit">0x01</span><span class="pun">]),</span><span class="pln">  </span><span class="com">// Equivalent to 65537</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   369
  </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   370
</span><span class="pun">};</span><span class="pln">
3
55f4c617ed05 Cleaned up banking examples
"arangana <arun@mozilla.com>"
parents: 2
diff changeset
   371
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   372
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   373
window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">generateKey</span><span class="pun">(</span><span class="pln">algorithmKeyGen</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">,</span><span class="pln"> </span><span class="pun">[</span><span class="str">"sign"</span><span class="pun">]).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   374
  </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">keyPair</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   375
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   376
    </span><span class="com">// Store the key pair in IndexedDB</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   377
  </span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   378
  console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">"Unable to generate keys -- call your Banker or retry later."</span><span class="pun">));</span><span class="pln"> </span></pre></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   379
 
34
ebe63375c830 Cleaned up respec hyperlinks as well as took into account Karen nits
"arangana <arun@mozilla.com>"
parents: 33
diff changeset
   380
<p>Subsequent access to the GB website -- always over TLS -- may use keypairs for Jae-sang generated by GB.  For instance, JavaScript initially loaded by GB may contain a message that only Jae-sang can decipher, since it is encrypted with his public key; moreover, that message is signed by GB, which gives Jae-sang confidence that the message originates from GB, whose public key is used to verify signed messages by GB. The message is deciphered, and the deciphered message is then digitally signed and sent back to the GB server. </p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   381
<p>  [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="decrypt-assym" href="#decrypt-assym" class="internalDFN">DECRYPT-ASSYM</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a>]</p>  
34
ebe63375c830 Cleaned up respec hyperlinks as well as took into account Karen nits
"arangana <arun@mozilla.com>"
parents: 33
diff changeset
   382
<p>In the example below, an encrypted message is signed by GB. The signature is verified, and upon successful verification of the digital signature, the encrypted message is decrypted. The decrypted message is then processed. This example should be seen as a simplification for illustrative purposes only. </p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   383
<div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_2"><span>Issue 2</span></div><div class=""><p>Semantics of the verify operation are still TBD in the group.  Moreover, some of this is best demonstrated using WRAP/UNWRAP, which still has unstable semantics. TODO: create another example using WRAP/UNWRAP.</p></div></div>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   384
<div class="example"><div class="example-title"><span>Example 2</span></div><pre class="example highlight prettyprint"><span class="com">// Encrypted and Signed Message generated by GB... the ellipsis are added. </span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   385
</span><span class="com">// This could be in a parsable JWT format such that portions with signature and message are easily understood</span><span class="pln">
1
29781dff983b Fleshed out banking scenario a bit more
"arangana <arun@mozilla.com>"
parents: 0
diff changeset
   386
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   387
</span><span class="kwd">var</span><span class="pln"> cat </span><span class="pun">=</span><span class="pln"> </span><span class="str">"qANQR1DBw04Dk2uPpEjcJT8QD/0VCfFK2XDM5Cg4iTRwmXrB+Pp8SMK5x09WkYqc... "</span><span class="pun">;</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   388
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   389
</span><span class="com">/** 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   390
  1. Generate an ArrayBufferView of the overall message.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   391
  2. Bit-manipulate this with the ArrayBufferView API to obtain the portion of bytes 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   392
  constituting the signature as an ArrayBufferView, and the message as an ArrayBufferView.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   393
  This could use JWT objects.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   394
  3. Obtain the public key of GB from IndexedDB -- pubGBKeySign -- a step not shown here.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   395
  4. Verify the signature.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   396
  5. Upon verification, decrypt the message.  This message can be decrypted only by Jae-Sang, using his private key          
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   397
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   398
**/</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   399
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   400
</span><span class="kwd">var</span><span class="pln"> data </span><span class="pun">=</span><span class="pln"> createArrayBufferView</span><span class="pun">(</span><span class="pln">cat</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   401
</span><span class="kwd">var</span><span class="pln"> signature </span><span class="pun">=</span><span class="pln"> extractSignature</span><span class="pun">(</span><span class="pln">data</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   402
</span><span class="kwd">var</span><span class="pln"> pMessage </span><span class="pun">=</span><span class="pln"> extractMessage</span><span class="pun">(</span><span class="pln">data</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   403
</span><span class="kwd">var</span><span class="pln"> mRSARFC3447 </span><span class="pun">=</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   404
  name</span><span class="pun">:</span><span class="pln"> </span><span class="str">"RSASSA-PKCS1-v1_5"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">params</span><span class="pun">:</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   405
                    hash</span><span class="pun">:</span><span class="pln"> </span><span class="str">"SHA-256"</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   406
                </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   407
</span><span class="pun">};</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   408
</span><span class="com">// Verify GB signature</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   409
window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">verify</span><span class="pun">(</span><span class="pln">mRSARFC3447</span><span class="pun">,</span><span class="pln"> pubGBKeySign</span><span class="pun">,</span><span class="pln"> signature</span><span class="pun">).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   410
</span><span class="kwd">function</span><span class="pun">(</span><span class="pln">verified</span><span class="pun">){</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   411
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   412
</span><span class="com">/* 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   413
  If verified, obtain a prvKeyEncrypt from IndexedDB representing Jae-sang's private key and:
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   414
  1. Decrypt the message.  Note that here, typically the encryption key might be symmetric
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   415
     and wrapped.  This sample simplifies this by not demonstrating key wrapping.
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   416
  2. Do further operations, like sign the decrypted message and send it back
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   417
  Else the signature is invalid -- abort
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   418
*/</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   419
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   420
  </span><span class="kwd">return</span><span class="pln"> window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">decrypt</span><span class="pun">(</span><span class="str">"RSAES-PKCS1-v1_5"</span><span class="pun">,</span><span class="pln"> prvKeyEncrypt</span><span class="pun">,</span><span class="pln"> pMessage</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   421
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   422
</span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   423
console</span><span class="pun">.</span><span class="pln">log</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">"Verification Error!  Contact Bank."</span><span class="pun">)).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   424
</span><span class="kwd">function</span><span class="pln"> decrypted</span><span class="pun">(</span><span class="pln">message</span><span class="pun">){</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   425
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   426
  </span><span class="com">// Conduct operations on GB message</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   427
  </span><span class="com">// This could include signing the decrypted message and sending it back to GB</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   428
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   429
</span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   430
console</span><span class="pun">.</span><span class="pln">error</span><span class="pun">.</span><span class="pln">bind</span><span class="pun">(</span><span class="pln">console</span><span class="pun">,</span><span class="pln"> </span><span class="str">"Decryption Error!  Contact Bank."</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   431
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   432
</span><span class="pun">);</span></pre></div>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   433
<p>
34
ebe63375c830 Cleaned up respec hyperlinks as well as took into account Karen nits
"arangana <arun@mozilla.com>"
parents: 33
diff changeset
   434
As long as Jae-sang uses the same browser, within the validity period of the keys that he generated, he can use them as credentials by signing, verifying,  encrypting and decrypting bits of data sent by GB.  Additionally, Jae-sang can digitally sign online checks, authorize payments, and sign tax forms that he submits to the bank site using similarly generated assymetric keys. He can also perform the following tasks:</p>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   435
<ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   436
    <li>Submit documents to GB that only GB can read, with the assurance that these have come from Jae-sang. Such documents include confidential financial information, and may be encrypted at submission. This can follow the well-understood pattern of wrapping keys using assymetric encryption, but encrypting and decrypting larger documents using symmetric encryption. [<a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="derive-sym" href="#derive-sym" class="internalDFN">DERIVE-SYM</a> | <a title="encrypt-sym" href="#encrypt-sym" class="internalDFN">ENCRYPT-SYM</a> | <a title="wrap" href="#wrap" class="internalDFN">WRAP-ASSYM</a>]</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   437
  <li>Receive encrypted documents from GB that only he can read, with the assurance that they have come from GB and only GB. These include his private bank statements and tax documents, which are signed with his public key, already generated and obtained by GB in a previous step. [<a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="unwrap" href="#unwrap" class="internalDFN">UNWRAP-ASSYM</a> | <a title="decrypt-sym" href="#decrypt-sym" class="internalDFN">DECRYPT-SYM</a>]</li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   438
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   439
</ol>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   440
     </section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   441
<section id="authenticated-video-services">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   442
  <h3 aria-level="2" role="heading" id="h3_authenticated-video-services"><span class="secno">3.2 </span>Authenticated Video Services</h3>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   443
      <p>A Video Service Provider wishes to distribute high quality commercial video to users of web-enabled TVs and Set Top Boxes. The video in question can only be delivered to devices with certain capabilities that meet the service provider's security requirements, which may vary based on the content and content quality to be delivered. In order to determine whether the device is indeed approved to be used with the video service, the service provider arranges for suitable devices to each be pre-provisioned with a cryptographic key and associated identifier by the device manufacture, which are made known to the service provider.</p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   444
<p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   445
Ryan has just bought a new TV and wishes to watch video content from the service provider. He connects the TV to the Internet, and navigates to the video provider's website. The video provider's site establishes a secure communication channel between the video provider's page on the TV and the video provider's servers, proving to the servers that Ryan's TV is indeed one of those that meets the security requirements by use of the cryptographic key and identifier pre-provisioned on the TV. The video provider's page on the TV likewise verifies that it is talking to a genuine server, preventing the hijacking of Ryan's video watching by a malicious third party. To ensure the highest security, the pre-provisoned key is used minimally in this process to deliver session keys.
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   446
</p>
1
29781dff983b Fleshed out banking scenario a bit more
"arangana <arun@mozilla.com>"
parents: 0
diff changeset
   447
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   448
<p>[<a title="namedkey" href="#namedkey" class="internalDFN">NAMEDKEY</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="unwrap" href="#unwrap" class="internalDFN">UNWRAP</a> | <a title="mac" href="#mac" class="internalDFN">MAC</a> | <a title="encrypt-sym" href="#encrypt-sym" class="internalDFN">ENCRYPT-SYM</a> | <a title="decrypt-sym" href="#decrypt-sym" class="internalDFN">DECRYPT-SYM</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a>]</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   449
<p>The Key Discovery API [<cite><a class="bibref" href="#bib-webcrypto-key-discovery">webcrypto-key-discovery</a></cite>] provides a mechanism for an application in JavaScript to detect the presence of a pre-provisioned key using the name of a disclosed identifier.  Unlike other examples presented here, this example presumes a key store that is not IndexedDB [<cite><a class="bibref" href="#bib-INDEXEDDB">INDEXEDDB</a></cite>] or <code>localStorage</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>]. </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   450
<div class="example"><div class="example-title"><span>Example 3</span></div><pre class="example highlight prettyprint"><span class="pln">window</span><span class="pun">.</span><span class="pln">cryptoKeys</span><span class="pun">.</span><span class="pln">getKeysByName</span><span class="pun">(</span><span class="str">"VetFlxL33t_Device.p1a.b11"</span><span class="pun">).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   451
</span><span class="kwd">function</span><span class="pln"> authorize</span><span class="pun">(</span><span class="pln">namedKey</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   452
</span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   453
  </span><span class="kwd">if</span><span class="pun">(</span><span class="pln">namedKey</span><span class="pun">.</span><span class="pln">name </span><span class="pun">=</span><span class="pln"> </span><span class="str">"VetFlxL33t_Device.p1a.b11"</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   454
  </span><span class="com">// Authorize</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   455
  </span><span class="com">// else console.log.bind(console, "Device Not Authorized!")</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   456
</span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   457
</span><span class="kwd">function</span><span class="pln"> signUp</span><span class="pun">()</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   458
</span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   459
  </span><span class="com">// Named Key not found scenario</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   460
  </span><span class="com">// Convert new device to New User</span><span class="pln">
37
5765a3364579 Cleaned up document and changed key discovery examples
"arangana <arun@mozilla.com>"
parents: 36
diff changeset
   461
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   462
  </span><span class="pun">.....</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   463
</span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   464
</span><span class="pun">);</span></pre></div>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   465
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   466
<p>Ryan creates an account with the service provider and signs up for the lowest level of service, which enables him to connect five devices to the service at any one time. Ryan's account creation involved the creation of a specific key pair to uniquely identify him, and safely exchanges keys with the video service's servers. [<a title="keygen-assym" href="#keygen-assym" class="internalDFN">KEYGEN-ASSYM</a> | <a title="keyex" href="#keyex" class="internalDFN">KEYEX</a> | <a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a>]</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   467
<p>The video service provider is able to track the number of devices Ryan has connected to the service by virtue of the pre-provisioned keys and identifiers, so that when he attempts to connect a sixth device, the service can prompt him to upgrade his service level or deactivate one of the existing devices. [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="namedkey" href="#namedkey" class="internalDFN">NAMEDKEY</a>]</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   468
<p> Ryan finally attempts to play some video through the service. By virtue of the secure connection, the video service provider is able to make content authorization decisions that are tailored to the security capabilities of the exact make, model and version of TV that Ryan has purchased, thereby ensuring that the content providers security requirements are met in respect of the specific content requested. Ryan's devices send encrypted messages about quality of service and watching behavior to the video service provider. [<a title="namedkey" href="#namedkey" class="internalDFN">NAMEDKEY</a> | <a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="mac" href="#mac" class="internalDFN">MAC</a> | <a title="wrap" href="#wrap" class="internalDFN">WRAP</a> | <a title="encrypt" href="#encrypt" class="internalDFN">ENCRYPT</a>]</p>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   469
</section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   470
<section id="code-sanctity-and-bandwidth-saver">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   471
  <h3 aria-level="2" role="heading" id="h3_code-sanctity-and-bandwidth-saver"><span class="secno">3.3 </span>Code Sanctity and Bandwidth Saver</h3>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   472
<p>A major social networking site wishes to optimize website performance by storing JavaScript libraries that are served from a CDN in <code>localStorage</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>] or in <code>IndexedDB</code> [<cite><a class="bibref" href="#bib-INDEXEDDB">INDEXEDDB</a></cite>], preventing server rountrips to the CDN.  When the code in the libraries has undergone critical modifications, the social networking site wishes to determine whether the version stored in the client needs updating.  </p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   473
<p>Using the Web Crypto API, the social networking site might verify a digest of the code from the CDN and compare it to a digest of the code in <code>localStorage</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>].  The social network can generate a digest of the material extracted from the client storage, and compare this to a pristine version of the digest that the social networking site makes available to the client. If the two digests match, the code is deemed the latest from the CDN, and does not need to be refreshed. [<a title="digest" href="#digest" class="internalDFN">DIGEST</a>]</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   474
<div class="example"><div class="example-title"><span>Example 4</span></div><pre class="example highlight prettyprint"><span class="com">// Retrieve a SHA-256 digest of the pristine version of the code</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   475
</span><span class="com">// This is retrieved from the server</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   476
        </span><span class="kwd">var</span><span class="pln"> src_hash </span><span class="pun">=</span><span class="pln"> getHashFromCDN</span><span class="pun">();</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   477
        </span><span class="kwd">function</span><span class="pln"> init</span><span class="pun">()</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   478
        </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   479
          </span><span class="kwd">var</span><span class="pln"> src </span><span class="pun">=</span><span class="pln"> window</span><span class="pun">.</span><span class="pln">localStorage</span><span class="pun">.</span><span class="pln">getItem</span><span class="pun">(</span><span class="str">'src'</span><span class="pun">);</span><span class="pln">
0
c0c67c2a2f92 Added the files for the first time
"Arun Ranganathan <arun@mozilla.com>"
parents:
diff changeset
   480
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   481
          </span><span class="com">/*  Create a Digester and compare 
0
c0c67c2a2f92 Added the files for the first time
"Arun Ranganathan <arun@mozilla.com>"
parents:
diff changeset
   482
4
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   483
            1. Assume utility function createArrayBufferView that creates an ArrayBufferView of the src
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   484
            (and note that the comparison does depend on this being consistent on client and server).
0
c0c67c2a2f92 Added the files for the first time
"Arun Ranganathan <arun@mozilla.com>"
parents:
diff changeset
   485
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   486
            2. Compare the two values after digest is successfully generated.
4
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   487
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   488
            In practice including an onprogress handler and onerror handler is recommended - the code here
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   489
            is terse for readability.
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   490
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   491
            */</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   492
          bufferData </span><span class="pun">=</span><span class="pln"> createArrayBufferView</span><span class="pun">(</span><span class="pln">src</span><span class="pun">);</span><span class="pln">  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   493
          window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">digest</span><span class="pun">(</span><span class="str">"SHA-256"</span><span class="pun">,</span><span class="pln"> bufferData</span><span class="pun">).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   494
          </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">digest</span><span class="pun">){</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   495
            </span><span class="kwd">if</span><span class="pun">(</span><span class="pln">digest </span><span class="pun">===</span><span class="pln"> src_hash</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   496
            </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   497
              </span><span class="kwd">var</span><span class="pln"> transformed </span><span class="pun">=</span><span class="pln"> JSON</span><span class="pun">.</span><span class="pln">parse</span><span class="pun">(</span><span class="pln">src</span><span class="pun">);</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   498
        
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   499
              </span><span class="com">/* Now do stuff with transformed -- it is legitimately from the mothership */</span><span class="pln">
4
2dd68cd4b1ee Replaced MD5 with SHA-256
"arangana <arun@mozilla.com>"
parents: 3
diff changeset
   500
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   501
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   502
            </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   503
            </span><span class="kwd">else</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   504
            </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   505
              request</span><span class="pun">.</span><span class="pln">pull</span><span class="pun">(</span><span class="str">"https://cdn.example/src.js"</span><span class="pun">)</span><span class="pln">
38
ea834a664a86 Aymeric made suggestions
"arangana <arun@mozilla.com>"
parents: 37
diff changeset
   506
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   507
              </span><span class="com">// Put it in localStore</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   508
            </span><span class="pun">}</span><span class="pln">  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   509
           </span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   510
           </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">error</span><span class="pun">){</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   511
           </span><span class="com">// Fetch the code anew </span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   512
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   513
            request</span><span class="pun">.</span><span class="pln">pull</span><span class="pun">(</span><span class="str">"https://cdn.example/src.js"</span><span class="pun">);</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   514
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   515
           </span><span class="com">// Put it in localStore</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   516
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   517
         </span><span class="pun">});</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   518
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   519
        </span><span class="pun">}</span><span class="pln">
40
60517a594c53 Getting the Draft PubReady and fixing validation errors
"arangana <arun@mozilla.com>"
parents: 39
diff changeset
   520
</span></pre></div>
60517a594c53 Getting the Draft PubReady and fixing validation errors
"arangana <arun@mozilla.com>"
parents: 39
diff changeset
   521
<div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_3"><span><span class="typ">Note</span></span></div><div class=""><span class="typ">The</span><span class="pln"> conversion to an </span><code><span class="typ">ArrayBufferView</span></code><span class="pln"> must be consistent </span><span class="kwd">with</span><span class="pln"> the conversion to the bits on the server</span><span class="pun">-</span><span class="pln">side</span><span class="pun">,</span><span class="pln"> so that the SHA</span><span class="pun">-</span><span class="lit">256</span><span class="pln"> digests can be compared accurately</span><span class="pun">.</span></div></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   522
<p>In this case, <code>getHashFromCDN()</code> runs within the origin of the page of the social networking site, accessed through TLS, and allows the CDN to transform the code blob into an ArrayBufferView, perform a digest operation, and then allow client-side code to do the same with what is in <code>localStorage</code>; if the two digests are exactly equivalent, the code in <code>localStorage</code> is sanctioned for use, and if not, code is fetched anew from the CDN.</p>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   523
</section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   524
<section id="encrypted-communications-via-webmail">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   525
  <h3 aria-level="2" role="heading" id="h3_encrypted-communications-via-webmail"><span class="secno">3.4 </span>Encrypted Communications via Webmail</h3>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   526
  <p>Tantek wishes to communicate with Ryan securely. Moreover, Tantek wishes to use an email web application (EWA) provided by a third party, which is a web site that allows users who have accounts to set up email accounts of their own choosing -- that is, users can enter in existing POP/IMAP/SMTP username and password credentials, or simply use an email address provided by the EWA at its own address. The EWA serves to send messages, as well as provide a message store available from anywhere. It allows for the possibility of sending encrypted messages.</p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   527
  <p>Ryan provides a PGP key on his website, encoded in the relevant conventions. For instance, he follows the common practice of including a Base64 text string that represents his public key.</p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   528
  <p>Ryan uses the hCard format [<cite><a class="bibref" href="#bib-hCard">hCard</a></cite>] to encapsulate contact information with some semantic annotation within the markup of his webpage. Within the hCard ([<cite><a class="bibref" href="#bib-hCard">hCard</a></cite>]), he may include a snippet like this:</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   529
  <div class="example"><div class="example-title"><span>Example 5</span></div><pre class="example highlight prettyprint"><span class="tag">&lt;span</span><span class="pln"> </span><span class="atn">class</span><span class="pun">=</span><span class="atv">"key"</span><span class="tag">&gt;</span><span class="pln">
9
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   530
-----BEGIN PGP PUBLIC KEY BLOCK-----
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   531
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   532
Comment: GPGTools - http://gpgtools.org
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   533
 
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   534
nQENBE4sjPMBCAC0ublKDnsdwD9B71bygmwVxn3hX6zw4H1Qlc6wPc0/OepjqVyq
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   535
...
55366feb64c4 Added public key place holder
"arangana <arun@mozilla.com>"
parents: 8
diff changeset
   536
-----END PGP PUBLIC KEY BLOCK-----
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   537
</span><span class="tag">&lt;/span&gt;</span></pre></div>
34
ebe63375c830 Cleaned up respec hyperlinks as well as took into account Karen nits
"arangana <arun@mozilla.com>"
parents: 33
diff changeset
   538
<p>Logging on to EWA, Tantek is prompted to import Ryan's contact information from his web page, and is notified that Ryan's public key will also be imported. EWA then begins the process of importing Ryan's PGP key, since it understands how to parse public keys within hCard content in markup. In order to import the key for storage under EWA's origin, it must first "scrub" the key format to be in one of the accepted import formats of the WebCrypto API.</p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   539
<p>Here, a standardized Contacts API could be used to procure Ryan's contact information, and can be one way of importing the key for use by an application such as EWA. Due the same origin policy [<cite><a class="bibref" href="#bib-HTML">HTML</a></cite>], EWA must import the key, so that operations conducted with it fall under the domain of EWA. The key is converted to JSON Web Key format [<cite><a class="bibref" href="#bib-JWK">JWK</a></cite>], which the WebCrypto API accepts and then imports it for use within the web application.</p>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   540
<div class="example"><div class="example-title"><span>Example 6</span></div><pre class="example highlight prettyprint"><span class="com">/**
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   541
  1. First convert the PGP key format into an "importable" format by the WebCrypto API; assume "keyString" is the PGP format
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   542
     Utility functions are assumed here as well. JWK by JOSE is supported format.
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   543
  2. Import the key using the WebCrypto API
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   544
  **/</span><span class="pln">
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   545
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   546
</span><span class="kwd">var</span><span class="pln"> alg </span><span class="pun">=</span><span class="pln"> </span><span class="str">"RSA"</span><span class="pun">;</span><span class="pln">
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   547
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   548
</span><span class="kwd">var</span><span class="pln"> jwkKey </span><span class="pun">=</span><span class="pln"> convertToJWK</span><span class="pun">(</span><span class="pln">keyString</span><span class="pun">,</span><span class="pln"> alg</span><span class="pun">);</span><span class="pln">
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   549
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   550
</span><span class="kwd">var</span><span class="pln"> jwkKeyObject </span><span class="pun">=</span><span class="pln"> JSON</span><span class="pun">.</span><span class="pln">parse</span><span class="pun">(</span><span class="pln">jwkKey</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   551
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   552
</span><span class="com">/**
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   553
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   554
  Key import syntax is still undefined in the spec.
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   555
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   556
  1. The key gets imported, and is used to sign messages.
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   557
  2. The key can also be used to WRAP-ASSYM a symmetric key
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   558
  3. The symmetric key from 2. above can be used to encrypt messages
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   559
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   560
**/</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   561
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   562
  window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">importKey</span><span class="pun">(</span><span class="str">"jwk"</span><span class="pun">,</span><span class="pln"> jwkKey</span><span class="pun">,</span><span class="pln"> </span><span class="str">"RSAES-PKCS1-v1_5"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"true"</span><span class="pun">,</span><span class="pln"> </span><span class="pun">[</span><span class="str">"encrypt"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"verify"</span><span class="pun">]).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">handleImport</span><span class="pun">);</span><span class="pln">
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   563
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   564
  </span><span class="kwd">function</span><span class="pln"> handleImport</span><span class="pun">(</span><span class="kwd">bool</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   565
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   566
    </span><span class="com">// If successfully imported, store key in IndexedDB</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   567
    </span><span class="com">// Retrieve key later for encypted communications and signature verification</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   568
    </span><span class="com">// If not, console.error.bind(console, "Error Importing Key")</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   569
  </span><span class="pun">}</span></pre></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   570
<p>The key now serves as a key within the origin of EWA. EWA can then offer Tantek the option of encrypting messages to Ryan, which may follow the pattern below:</p>
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   571
<ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   572
  <li>Tantek imports the key into the EWA, and composes a message that he wishes to send only to Ryan. [<a title="JSONWebKey" href="#JSONWebKey" class="internalDFN">JWK</a>]</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   573
  <li>EWA generates a symmetric key on Tantek's behalf, and uses Ryan's public key, just imported, to wrap that key. [<a title="derive-sym" href="#derive-sym" class="internalDFN">DERIVE-SYM</a> | <a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="wrap" href="#wrap" class="internalDFN">WRAP-ASSYM</a>].</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   574
  <li>EWA then signs the encrypted message and wrapped key, and sends them from Tantek's email account on Tantek's behalf [<a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="encrypt-sym" href="#encrypt-sym" class="internalDFN">ENCRYPT-SYM</a>].</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   575
  <li>Ryan also logs into EWA. Separately, he has also imported Tantek's public key to EWA using a similar mechanism that Ryan did. In this case, as long as Ryan has Tantek's public key, he does not strictly need to log into the same EWA as Tantek does; instead, Ryan may choose another email web application with a different origin, but with similar functionality, such that the public key is imported to be used within the origin of the web application. Ryan receives the message, verifies that it is indeed from Tantek, decrypts and reads the message using his corresponding private key. [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="unwrap" href="#unwrap" class="internalDFN">UNWRAP-ASSYM</a> | <a title="decrypt-sym" href="#decrypt-sym" class="internalDFN">DECRYPT-SYM</a>].</li>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   576
</ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   577
<div class="note"><div class="note-title" aria-level="3" role="heading" id="h_note_4"><span>Note</span></div><div class="">Importing keys from across the web is safest when the provenance of the keys is known.</div></div>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   578
</section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   579
<section id="off-the-record-real-time-messaging">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   580
  <h3 aria-level="2" role="heading" id="h3_off-the-record-real-time-messaging"><span class="secno">3.5 </span>Off The Record Real Time Messaging</h3>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   581
  <p>David and Nadim wish to have an "Off The Record" chat in real time, completely between them, primarily using text, as well as the ability to share digital data such as photographs. They log on to a chat server, and connect to each other's machines directly. The server merely serves up the UI for the chat client, and does not log their conversation (and in fact, cannot). The respective web pages on David and Nadim's browsers may use the WebCrypto API to do the following things:</p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   582
  <div class="issue"><div class="issue-title" aria-level="3" role="heading" id="h_issue_3"><span>Issue 3</span></div><div class="">ISSUE: The OTR use case needs more protocol breakdown, including possible use of Socialist Millionaire methodology.  Additionally, references may need to be added to the respec - biblio.js for OTR and for the Socialist Millionaire protocol; currently, this seems normative: <a href="http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html">http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html</a>. </div></div>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   583
  <ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   584
    <li>Generate assymetric keys for David and Nadim respectively, such that both get public and private keys. [<a title="derive-assym" href="#derive-assym" class="internalDFN">DERIVE-ASSYM</a>]</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   585
    <li>Engage in a key exchange, so that David and Nadim get each other's public keys. It is conceivable that using the WebCrypto API the chat application can enable David and Nadim to use a Diffie-Hellman key exchange, or a mechanism such as SIGMA over WebSockets [<cite><a class="bibref" href="#bib-WEBSOCKETS-API">WEBSOCKETS-API</a></cite>][<cite><a class="bibref" href="#bib-WEBSOCKETS-PROTOCOL">WEBSOCKETS-PROTOCOL</a></cite>]. The key exchange which accompanies message exchanges involves the generation of cryptographically secure random numbers. [<a title="random" href="#random" class="internalDFN">RANDOM</a> | <a title="keyex" href="#keyex" class="internalDFN">KEYEX</a> | <a title="keyex-dh" href="#keyex-dh" class="internalDFN">KEYEX-DH</a>]</li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   586
    <li>David or Nadim may now compose a message to each other. Each message exchange involves authentication, message authentication codes, further key derivation, and further key exchanges. [<a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="mac" href="#mac" class="internalDFN">MAC</a> | <a title="random" href="#random" class="internalDFN">RANDOM</a> | <a title="derive" href="#derive" class="internalDFN">DERIVE</a> | <a title="keyex" href="#keyex" class="internalDFN">KEYEX</a> | <a title="keyex-dh" href="#keyex-dh" class="internalDFN">KEYEX-DH</a>] </li>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   587
  </ol>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   588
</section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   589
<section id="documents-in-the-cloud">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   590
<h3 aria-level="2" role="heading" id="h3_documents-in-the-cloud"><span class="secno">3.6 </span>Documents In The Cloud</h3>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   591
<p>Vijay wishes to confidentially store certain documents of various file types using a web service that he pays a monthly subscription to for such confidential storage. The confidential storage web application (abbreviated "SWA") makes the claim that all storage is encrypted, and that even it cannot access the contents of what a user stores. He can drag and drop content from his laptop onto a web page of the service, and it automatically encrypts it and stores it in an encrypted manner. Vijay can do the following:</p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   592
<ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   593
<li>Log on to the service using his credentials; after the service determines that Vijay is using his primary browser, which he will use to access the service subsequently, it generates both signature and encryption key pairs. Key generation may be similar to the banking use case. [<a title="derive-assym" href="#derive-assym" class="internalDFN">KEYGEN-ASSYM</a> | <a title="keyex-dh" href="#keyex-dh" class="internalDFN">KEYEX-DH</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="unwrap" href="#unwrap" class="internalDFN">UNWRAP</a> | <a title="decrypt-sym" href="#decrypt-sym" class="internalDFN">DECRYPT-SYM</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a>] </li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   594
<li>Drag over content from his underlying file system that he wishes to store. The SWA signs and encrypts the content, and uploads it. It may make multipart cryptographic operations on a given file, and it may also "chunk upload" large content, depending on file-size. [<a title="sign" href="#sign" class="internalDFN">SIGN</a> | <a title="hmac" href="#hmac" class="internalDFN">HMAC</a> | <a title="derive-sym" href="#derive-sym" class="internalDFN">DERIVE-SYM</a> | <a title="encrypt-sym" href="#encrypt-sym" class="internalDFN">ENCRYPT-SYM</a> | <a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="wrap" href="#wrap" class="internalDFN">WRAP</a>] </li>   
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   595
<li>Store that content on the server, with the assurance that it is stored there in a way that is virtually undecipherable to third-parties, including those running the SWA.</li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   596
<li>Later, Vijay can retrieve the content, and save it back to his local file system. He has the assurance that the content has not been tampered with since it was stored, and that it in fact is from SWA. [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a> | <a title="hmac" href="#hmac" class="internalDFN">HMAC</a> | <a title="unwrap" href="#unwrap" class="internalDFN">UNWRAP</a> | <a title="decrypt-sym" href="#decrypt-sym" class="internalDFN">DECRYPT-SYM</a>] </li> 
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   597
</ol>
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   598
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   599
    </section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   600
    <section id="browserid-use-of-cryptography-for-identity-protocols">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   601
<h3 aria-level="2" role="heading" id="h3_browserid-use-of-cryptography-for-identity-protocols"><span class="secno">3.7 </span>BrowserID: Use of Cryptography for Identity Protocols</h3>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   602
<p>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   603
Karen, an avid photographer, has been looking for a site to store all the photos that she posts on various websites.  Instead of creating yet another online identity for another photo storage website, Karen is pleased to find a photo-storage service that uses the BrowserID protocol [<cite><a class="bibref" href="#bib-BrowserID">BrowserID</a></cite>], allowing her to use any email address as an identity.  The photo-storage service (PSS) is a <em>Relying Party</em> of the protocol, and Karen elects to use Persona.org as an <em>Identity Provider</em>, since she sees a "log-in with Persona" button on the PSS website.  She notes that her preferred email provider is not yet an Identity Provider for use with BrowserID [<cite><a class="bibref" href="#bib-BrowserID">BrowserID</a></cite>], and thus uses Persona.org as an interim or fallback option.
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   604
</p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   605
<p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   606
Karen first creates a "verified email" identity with Persona.org.  Persona.org sends out an email with a hyperlink in it to an email address that she chooses to use as one of her identities (she chooses "karen@webcrypto.com"), especially for use with PSS.  She then logs in to this email account and clicks on the verification link sent by Persona.org.  Persona.org is thus able to determine that Karen owns this email address.  The following now happens:</p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   607
<ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   608
<li><p>Persona.org creates assymetric keys, public and private, on behalf of the user. [<a title="keygen-assym" href="#keygen-assym" class="internalDFN">KEYGEN-ASSYM</a>]</p></li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   609
<li><p>Persona.org's web page then sends the public key just created over TLS for storage on Persona.org's servers, and stores the keypair in the browser's client-side storage.  This could include [<cite><a class="bibref" href="#bib-INDEXEDDB">INDEXEDDB</a></cite>] and <code>localStorage</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>], although in browsers with a native implementation of BrowserID [<cite><a class="bibref" href="#bib-BrowserID">BrowserID</a></cite>], this might include another key store.</p></li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   610
<li><p>Persona.org then generates a certificate, which involves signing the public key just created, the email address, and a validity interval; the signature here is performed by Persona.org.  This certificate takes the form of a JSON Web Token [<cite><a class="bibref" href="#bib-JWT">JWT</a></cite>] object. The [<cite><a class="bibref" href="#bib-JWT">JWT</a></cite>] object -- the certificate created above -- is itself stored in the browser's client storage, which can be [<cite><a class="bibref" href="#bib-INDEXEDDB">INDEXEDDB</a></cite>] or <code>localStore</code> [<cite><a class="bibref" href="#bib-webstorage">webstorage</a></cite>]; if the browser implementation has a native implementation of [<cite><a class="bibref" href="#bib-BrowserID">BrowserID</a></cite>], another key and certificate store could exist. [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a>]</p></li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   611
</ol>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   612
<p>Karen now has at least one identity, namely her email of choice, verified on Persona.org, along with a certificate issued by Persona.org.  She then decides to log in to the PSS website using that identity.  The following sequence then takes place:</p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   613
<ol>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   614
<li><p>Karen accesses the website of the PSS, and then clicks on the "Log in with Persona" link.  The log-in link loads script from Persona.org in an <code>iframe</code>, which creates an assertion structure as a JWT [<cite><a class="bibref" href="#bib-JWT">JWT</a></cite>].  The assertion consists of the name of the Relying Party, also referred to as an <em>audience</em>, and a validity period.  This assertion is signed using the private key that was created previously. [<a title="keycall" href="#keycall" class="internalDFN">KEYCALL</a> | <a title="sign" href="#sign" class="internalDFN">SIGN</a>]</p></li>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   615
<li>Within script loaded by Persona.org, the signed assertion is then combined with the certificate created previously into a new [<cite><a class="bibref" href="#bib-JWT">JWT</a></cite>] structure, which might look like this:
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   616
  <div class="example"><div class="example-title"><span>Example 7</span></div><pre class="example highlight prettyprint"><span class="com">// This is for illustrative purposes only</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   617
</span><span class="com">// Proper use of JWT uses Base64 </span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   618
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   619
assertionPlusCert </span><span class="pun">=</span><span class="pln"> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   620
</span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   621
  </span><span class="str">"assertion"</span><span class="pun">:</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   622
    </span><span class="str">"audience"</span><span class="pun">:</span><span class="pln"> </span><span class="str">"photosharingsite.example"</span><span class="pun">,</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   623
    </span><span class="str">"valid-until"</span><span class="pun">:</span><span class="pln"> </span><span class="lit">1308859352261</span><span class="pun">,</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   624
  </span><span class="pun">},</span><span class="pln"> </span><span class="com">// signed using Karen's private key minted by Persona.org for karen@webcrypto.com</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   625
  </span><span class="str">"certificate"</span><span class="pun">:</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   626
      </span><span class="str">"email"</span><span class="pun">:</span><span class="pln"> </span><span class="str">"karen@webcrypto.com"</span><span class="pun">,</span><span class="pln">
40
60517a594c53 Getting the Draft PubReady and fixing validation errors
"arangana <arun@mozilla.com>"
parents: 39
diff changeset
   627
      </span><span class="str">"public-key"</span><span class="pun">:</span><span class="pln"> </span><span class="str">"</span><span class="str">"</span><span class="pun">,</span><span class="pln">
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   628
      </span><span class="str">"valid-until"</span><span class="pun">:</span><span class="pln"> </span><span class="lit">1308860561861</span><span class="pun">,</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   629
  </span><span class="pun">}</span><span class="pln"> </span><span class="com">// certificate is signed by Persona.org</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   630
</span><span class="pun">};</span><span class="pln">
40
60517a594c53 Getting the Draft PubReady and fixing validation errors
"arangana <arun@mozilla.com>"
parents: 39
diff changeset
   631
</span></pre></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   632
</li>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   633
<li><p>Persona.org then sends this over to script hosted by PSS using cross-origin messaging.</p>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   634
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   635
<div class="example"><div class="example-title"><span>Example 8</span></div><pre class="example highlight prettyprint"><span class="com">/** 
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   636
   This code is for illustrative purposes only and runs on Persona.org.
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   637
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   638
   1. Assume a combined assertion and certificate structure in JWT format for use with postMessage()
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   639
      var assertionPlusCert is a JWT like above
33
febefb50e180 changed the use of the word extract
"arangana <arun@mozilla.com>"
parents: 32
diff changeset
   640
   2. Obtain the karen@webcrypto.com private key for signing assertion from client-side storage
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   641
   3. Send the certificate structure assertionPlusCert over for verification
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   642
   
37
5765a3364579 Cleaned up document and changed key discovery examples
"arangana <arun@mozilla.com>"
parents: 36
diff changeset
   643
   Caveat emptor: step 3 can be made more efficient in terms of WebCrypto API usage if
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   644
   Karen's public key can be sent over using the structured clone algorithm.  Currently
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   645
   we proceed with it as a JWK embedded in a JWT.
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   646
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   647
**/</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   648
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   649
</span><span class="com">// Retrieve Karens public key</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   650
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   651
transaction</span><span class="pun">.</span><span class="pln">objectStore</span><span class="pun">(</span><span class="str">"publicBrowserIDKeys"</span><span class="pun">).</span><span class="kwd">get</span><span class="pun">(</span><span class="str">"karen@webcrypto.com"</span><span class="pun">).</span><span class="pln">onsuccess </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">evt</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   652
  </span><span class="kwd">var</span><span class="pln"> privateKey </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">target</span><span class="pun">.</span><span class="pln">result</span><span class="pun">;</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   653
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   654
</span><span class="com">// Sign the assertion -- signature syntax resembles verification syntax in banking example</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   655
</span><span class="com">// Send the assertionPlusCert structure to script on photosharingsite.example</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   656
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   657
  pssHandle</span><span class="pun">.</span><span class="pln">postMessage</span><span class="pun">(</span><span class="pln">assertionPlusCert</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://photosharingsite.example"</span><span class="pun">);</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   658
  
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   659
  window</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">"message"</span><span class="pun">,</span><span class="pln"> receiveCallBackFromPSS</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   660
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   661
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   662
  </span><span class="kwd">function</span><span class="pln"> receveCallBackFromPSS</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   663
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   664
    </span><span class="kwd">if</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin </span><span class="pun">!=</span><span class="pln"> </span><span class="str">"http://photosharingsite.example"</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   665
      </span><span class="kwd">return</span><span class="pun">;</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   666
    </span><span class="kwd">if</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">data </span><span class="pun">===</span><span class="pln"> </span><span class="str">"OK"</span><span class="pun">)</span><span class="pln"> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   667
      </span><span class="com">// Auth was successful</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   668
    </span><span class="kwd">else</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   669
      </span><span class="com">// Auth Fail on PSS side</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   670
  </span><span class="pun">}</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   671
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   672
</span><span class="com">/** 
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   673
  On the receiving end, namely http://photosharingsite.example:
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   674
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   675
  0. Register to receive message events
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   676
  1. Obtain the public key from Persona.org to verify the signed certificate
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   677
  2. Use karen@webcrypto.org's public key to verify the signature on the assertion
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   678
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   679
**/</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   680
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   681
window</span><span class="pun">.</span><span class="pln">addEventListener</span><span class="pun">(</span><span class="str">"message"</span><span class="pun">,</span><span class="pln"> receiveCryptoFromIDP</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   682
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   683
</span><span class="kwd">function</span><span class="pln"> receiveCryptoFromIDP</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   684
</span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   685
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   686
  </span><span class="kwd">if</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin</span><span class="pun">!=</span><span class="str">"http://login.persona.org/"</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   687
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   688
    </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">source</span><span class="pun">.</span><span class="pln">postMessage</span><span class="pun">(</span><span class="str">"authFail"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   689
    </span><span class="kwd">return</span><span class="pln"> </span><span class="str">"authFail"</span><span class="pun">;</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   690
  </span><span class="pun">}</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   691
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   692
  
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   693
  </span><span class="com">/* 
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   694
     Note that event.data is assertionPlusCert with two signatures
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   695
     JWT specifies a way this can be represented, following use of
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   696
     Base64 encoding and "." as a delimiter separating components
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   697
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   698
     1. Assume a utility function to obtain a JWK from a well-known location
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   699
        Import the JWK key from Persona.org -- see Example 6
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   700
     2. Verify the part signed by Persona.org
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   701
     3. Assume utility functions to parse the event.data into subcomponents
33
febefb50e180 changed the use of the word extract
"arangana <arun@mozilla.com>"
parents: 32
diff changeset
   702
     4. Obtain Karen's public key from event.data using utility function
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   703
     5. Import Karen's public key for use within PSS
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   704
     6. Verify the assertion signed by Karen's private key
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   705
     7. Step 2. and 6. succeeding allow authentication to occur
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   706
  */</span><span class="pln">
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   707
  
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   708
  </span><span class="kwd">var</span><span class="pln"> mRSARFC3447 </span><span class="pun">=</span><span class="pln"> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   709
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   710
    name</span><span class="pun">:</span><span class="pln"> </span><span class="str">"RSASSA-PKCS1-v1_5"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">params</span><span class="pun">:</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   711
                            hash</span><span class="pun">:</span><span class="pln"> </span><span class="str">"SHA-256"</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   712
                        </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   713
  </span><span class="pun">};</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   714
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   715
  </span><span class="kwd">var</span><span class="pln"> </span><span class="typ">JWKIDPKey</span><span class="pln"> </span><span class="pun">=</span><span class="pln"> createJWK</span><span class="pun">(</span><span class="str">"https://login.persona.org/.well-known/browserid"</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   716
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   717
  </span><span class="kwd">var</span><span class="pln"> certificateSignature </span><span class="pun">=</span><span class="pln"> parseCertSignature</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">data</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   718
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   719
  </span><span class="kwd">var</span><span class="pln"> assertionSignature </span><span class="pun">=</span><span class="pln"> parseAssertionSignature</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">data</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   720
  </span><span class="com">// Import the JWK key -- see Example 6 -- this results in publicKeyIDP</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   721
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   722
  </span><span class="kwd">var</span><span class="pln"> </span><span class="typ">JWKuserPubKey</span><span class="pln"> </span><span class="pun">=</span><span class="pln"> parseUserPublicKey</span><span class="pun">(</span><span class="kwd">event</span><span class="pun">.</span><span class="pln">data</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   723
  </span><span class="com">// Import the user public key -- see Example 6 -- this results in userPublicKey</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   724
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   725
  window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">verify</span><span class="pun">(</span><span class="pln">mRSARFC3447</span><span class="pun">,</span><span class="pln"> publicKeyIDP</span><span class="pun">,</span><span class="pln"> certificateSignature</span><span class="pun">).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   726
  </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">successCert</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   727
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   728
    window</span><span class="pun">.</span><span class="pln">crypto</span><span class="pun">.</span><span class="pln">subtle</span><span class="pun">.</span><span class="pln">verify</span><span class="pun">(</span><span class="pln">mRSARFC3447</span><span class="pun">,</span><span class="pln"> userPublicKey</span><span class="pun">,</span><span class="pln"> assertionSignature</span><span class="pun">).</span><span class="kwd">then</span><span class="pun">(</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   729
    </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">successUserClaim</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   730
    </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   731
      </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">source</span><span class="pun">.</span><span class="pln">postMessage</span><span class="pun">(</span><span class="str">"OK"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   732
      </span><span class="kwd">return</span><span class="pln"> </span><span class="str">"OK"</span><span class="pun">;</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   733
    </span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   734
    </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">failUserClaim</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   735
    </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   736
      </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">source</span><span class="pun">.</span><span class="pln">postMessage</span><span class="pun">(</span><span class="str">"authFail"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   737
      </span><span class="kwd">return</span><span class="pln"> </span><span class="str">"authFail"</span><span class="pun">;</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   738
    </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   739
    </span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   740
  </span><span class="pun">},</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   741
  </span><span class="kwd">function</span><span class="pun">(</span><span class="pln">failCert</span><span class="pun">)</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   742
  </span><span class="pun">{</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   743
    </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">source</span><span class="pun">.</span><span class="pln">postMessage</span><span class="pun">(</span><span class="str">"authFail"</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">event</span><span class="pun">.</span><span class="pln">origin</span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   744
    </span><span class="kwd">return</span><span class="pln"> </span><span class="str">"authFail"</span><span class="pun">;</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   745
  </span><span class="pun">}</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   746
  </span><span class="pun">);</span><span class="pln">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   747
</span><span class="pun">}</span></pre></div>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   748
</li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   749
<li><p>The PSS website receives the message, sent via cross-origin messaging, and proceeds to validate the assertion.  In order to do this, the PSS website first obtains Persona.org's public key, hosted at a well-known location, and verifies the signature on the certificate.  The script at PSS may choose to "import" the public key of Persona.org in order to verify the signature, and store it within PSS's application storage. [<a title="import" href="#import" class="internalDFN">IMPORT</a> | <a title="verify" href="#verify" class="internalDFN">VERIFY</a>]</p>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   750
</li>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   751
<li><p>The PSS website then verifies the signature of the user on the assertion.  Karen's public key has also been sent to script hosted on PSS. [<a title="verify" href="#verify" class="internalDFN">VERIFY</a>]</p></li>
31
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   752
<li>Upon successful verification of both signatures, Karen is granted access to PSS, which now identifies her and considers her authenticated.</li>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   753
</ol>
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   754
cc4724a8d1f6 Made cross-origin use case and issued non-goal caveat
"arangana <arun@mozilla.com>"
parents: 30
diff changeset
   755
    </section>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   756
  </section>
11
3928f44f808f Cleaned up code samples to match new spec and added use case clarification
"arangana <arun@mozilla.com>"
parents: 10
diff changeset
   757
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   758
    <section class="appendix" id="acknowledgements">
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   759
      <!--OddPage--><h2 aria-level="1" role="heading" id="h2_acknowledgements"><span class="secno">A. </span>Acknowledgements</h2>
30
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   760
      <p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   761
        Thanks to Mark Watson, Ryan Sleevi, Ben Adida, Mountie Lee, Aymeric Vitte, LuHongQian Karen, Tobie Langel, Brad Hill, Richard Barnes, David Dahl, Tantek Celik.
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   762
      </p>
4f81f389188c Switched to respec
"arangana <arun@mozilla.com>"
parents: 29
diff changeset
   763
    </section>
39
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   764
  
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   765
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   766
<section id="references" class="appendix" typeof="bibo:Chapter" resource="#references" rel="bibo:chapter"><!--OddPage--><h2 aria-level="1" role="heading" id="h2_references"><span class="secno">B. </span>References</h2><section id="informative-references" typeof="bibo:Chapter" resource="#informative-references" rel="bibo:chapter"><h3 aria-level="2" role="heading" id="h3_informative-references"><span class="secno">B.1 </span>Informative references</h3><dl class="bibliography" about=""><dt id="bib-BrowserID">[BrowserID]</dt><dd rel="dcterms:references">Ben Adida; Tim Kuijsten; Axel Nennker; Anant Narayanan. <a href="https://github.com/mozilla/id-specs/blob/prod/browserid/index.md"><cite>BrowserID</cite></a>. 26 February 2013. URL: <a href="https://github.com/mozilla/id-specs/blob/prod/browserid/index.md">https://github.com/mozilla/id-specs/blob/prod/browserid/index.md</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   767
</dd><dt id="bib-HTML">[HTML]</dt><dd rel="dcterms:references">Ian Hickson. <a href="http://www.whatwg.org/specs/web-apps/current-work/"><cite>HTML</cite></a>. Living Standard. URL: <a href="http://www.whatwg.org/specs/web-apps/current-work/">http://www.whatwg.org/specs/web-apps/current-work/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   768
</dd><dt id="bib-INDEXEDDB">[INDEXEDDB]</dt><dd rel="dcterms:references">Nikunj Mehta; Jonas Sicking; Eliot Graff; Andrei Popescu; Jeremy Orlow; Joshua Bell. <a href="http://www.w3.org/TR/IndexedDB/"><cite>Indexed Database API</cite></a>. 4 July 2013. W3C Candidate Recommendation. URL: <a href="http://www.w3.org/TR/IndexedDB/">http://www.w3.org/TR/IndexedDB/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   769
</dd><dt id="bib-JWK">[JWK]</dt><dd rel="dcterms:references">Mike Jones. <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11"><cite>JSON Web Key (JWK)</cite></a>. 28 May 2013. Internet Draft. URL: <a href="http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11">http://tools.ietf.org/html/draft-ietf-jose-json-web-key-11</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   770
</dd><dt id="bib-JWT">[JWT]</dt><dd rel="dcterms:references">M. Jones; J. Bradley; N. Sakimura. <a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01"><cite>JSON Web Token (JWT)</cite></a>. 6 July 2012. Internet Draft. URL: <a href="http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01">http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-01</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   771
</dd><dt id="bib-WEBSOCKETS-API">[WEBSOCKETS-API]</dt><dd rel="dcterms:references">Ian Hickson. <a href="http://www.w3.org/TR/websockets/"><cite>The WebSocket API</cite></a>. 20 September 2012. W3C Candidate Recommendation. URL: <a href="http://www.w3.org/TR/websockets/">http://www.w3.org/TR/websockets/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   772
</dd><dt id="bib-WEBSOCKETS-PROTOCOL">[WEBSOCKETS-PROTOCOL]</dt><dd rel="dcterms:references">C. Holmberg, S. Hakansson, G. Eriksson. <a href="http://tools.ietf.org/id/draft-ietf-hybi-thewebsocketprotocol-09.txt"><cite>The WebSocket protocol.</cite></a> URL: <a href="http://tools.ietf.org/id/draft-ietf-hybi-thewebsocketprotocol-09.txt">http://tools.ietf.org/id/draft-ietf-hybi-thewebsocketprotocol-09.txt</a> 
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   773
</dd><dt id="bib-WebCryptoAPI">[WebCryptoAPI]</dt><dd rel="dcterms:references">David Dahl; Ryan Sleevi. <a href="http://www.w3.org/TR/WebCryptoAPI/"><cite>Web Cryptography API</cite></a>. 25 June 2013. W3C Working Draft. URL: <a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   774
</dd><dt id="bib-hCard">[hCard]</dt><dd rel="dcterms:references">Tantek Celik; Brian Suda. <a href="http://microformats.org/wiki/hcard"><cite>hCard 1.0</cite></a>. 23 June 2013. URL: <a href="http://microformats.org/wiki/hcard">http://microformats.org/wiki/hcard</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   775
</dd><dt id="bib-webcrypto-key-discovery">[webcrypto-key-discovery]</dt><dd rel="dcterms:references">Mark Watson. <a href="http://www.w3.org/TR/webcrypto-key-discovery/"><cite>WebCrypto Key Discovery</cite></a>. 8 January 2013. W3C Working Draft. URL: <a href="http://www.w3.org/TR/webcrypto-key-discovery/">http://www.w3.org/TR/webcrypto-key-discovery/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   776
</dd><dt id="bib-webstorage">[webstorage]</dt><dd rel="dcterms:references">Ian Hickson. <a href="http://www.w3.org/TR/webstorage/"><cite>Web Storage</cite></a>. 30 July 2013. W3C Recommendation. URL: <a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a>
506599cc1373 Getting the Draft PubReady
"arangana <arun@mozilla.com>"
parents: 38
diff changeset
   777
</dd></dl></section></section></body></html>