This week I attended the W3C annual meeting known as “TPAC” in Santa Clara. I went to discuss the possible formation of a “Web Identity Working Group” to begin the process of possibly standardizing Identity APIs and protocols, of which DOMCrypt was acting as a straw man proposal for a DOM/JS Crypto API.
The short story is that “Web Identity” APIs and protocols are still very much in an R&D phase and while incredibly important, there was not much agreement between interested parties on what to begin working on.
A high-level, hard-to-muck-up, asynchronous crypto API, on the other hand, had massive support from almost all of the interested parties involved. In the end, a “Web Cryptography Working Group” is being established, and I have thrown my hat into the ring as an “editor candidate”.
One of the first tasks is to clearly define what is “in scope”, “out of scope” and what features can be considered part of a potential “road map”. The starting point for this API will have to be a bit narrow, with no UI-based features so we can establish core functionality without too much complexity.
The current charter is here: http://www.w3.org/wiki/IdentityCharter#Web_Cryptography_Working_Group_Charter (I have a feeling this url will change soon)
This is pretty exciting stuff. I met with a whole lot of folks from Microsoft, Google, Apple, Netflix and other companies that have many potential use cases. We need to collect as many use cases as possible in order to understand the most common uses so the first iteration will provide the best capabilities. If you have a use case in mind, do not hesitate to send it to me (ddahl + at + mozilla dot com) or the w3 mailing list, email@example.com (which is yet to be set up).