Re: [webpayments] How do we prevent keyboard hooking during payment? (#90) from ianbjacobs on 2016-02-16 (public-payments-wg@w3.org from February 2016)

From: ianbjacobs <notifications@github.com>
Date: Mon, 15 Feb 2016 18:18:05 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/90/184476825@github.com>

@oldoldb,

We talk a bit about security in our charter:
 https://www.w3.org/Payments/WG/charter-201510.html

In particular, we say: "There are other aspects of security (e.g., authentication of payer identity) that the Working Group will leave to individual digital payment schemes. The Working Group will not define authentication mechanisms (e.g., hardware-based solutions in securing transactions, or authenticating users via biometry or other mechanisms) but should be aware of industry developments to help ensure compatibility with the flows defined by this group."

Here is what we say about the API itself: "The design of any API should guard against the unwanted leakage of such data through exploitation of the API."

Ian



---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/90#issuecomment-184476825

Received on Tuesday, 16 February 2016 02:18:35 UTC