SNAPI vs CAPI

Rohit Khare (khare@www10.w3.org)
Mon, 27 Jan 1997 12:42:51 -0500


I especially like the unattributed quote at the end...

Rohit
==============================================

Netscape builds security into Communicator to prompt Web-based apps

By Chris Jones
InfoWorld Electric

Posted at 5:02 PM PT, Jan 24, 1997
Netscape hopes this quarter to make available a set of security interfaces
for Communicator 1.0 that lets Web-based applications securely communicate
with servers over IP-based networks.

Netscape's set of interfaces, code-named Security Native API (SNAPI), will
complement Intel's Common Data Security Architecture, which Netscape
announced support for in October. Since then, sources said, the companies
have been working in sync on their architectures, and Intel appears to be
favoring SNAPI over Microsoft's CryptoAPI (CAPI).

Microsoft is beta testing the second version of CAPI -- very similar in
concept to SNAPI -- and adding support for more security features, but it
has not committed to any platforms beyond Windows NT and Windows 95. SNAPI
is meant to be more extensible and provide a cross-platform approach to
integrating encryption processing with applications, Netscape officials
said. SNAPI will support Windows, Unix, Macintosh, and OS/2.

Netscape will demonstrate SNAPI at the RSA Data Security Conference in San
Francisco next week and will use it to verify users' digital signatures
from smart cards run through a reader machine.

Eric Greenberg, senior security product manager at Netscape, said users
will be able to put a smart card in a reader and use Navigator as a
"personalized browser." Other applications of the technology could be to
authenticate electronic commerce and Internet-based banking transactions,
Greenberg said.

Analysts said smart cards will be useful for validating users' identities
and access privileges to network resources.

"Token-based authentication will take off ... because you can store so much
on the cards," said Erica Rugullies, an analyst with the Hurwitz Group, in
Newton, Mass.

At the RSA conference, Netscape will demonstrate an early implementation of
SNAPI with VeriSign, Litronic, Consensus, and Hewlett-Packard. Netscape
will integrate SNAPI with Secure Sockets Layer, which provides for
authentication and encryption channels for applications over TCP/IP, and
Secure MIME, which encrypts e-mail messages.

SNAPI is designed for high- and low-level security services that could be
implemented in software or hardware and are used to manage cryptographic
keys, store certificates, and define security policies.

One smart card developer familiar with both CAPI and SNAPI said that
Netscape's version may have some advantages.

"SNAPI has a better chance of being cross-platform, and it divides up
security functions better," the developer said.