Re: [webpayments] How are third-party native wallets integrated? (#42) from Håvard Molland on 2016-02-18 (public-payments-wg@w3.org from February 2016)

From: Håvard Molland <notifications@github.com>
Date: Thu, 18 Feb 2016 05:41:16 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: webpayments <public-payments-wg@w3.org>
Message-ID: <w3c/webpayments/issues/42/185724893@github.com>

@rsolomakhin : Extending the EV status given to a webserver over to a payment app by storing a hash of the app on the EV server might work.

However, from how I understand [App Linking](http://developer.android.com/training/app-links/index.html) works, it allows apps to open links to a server without user's consent. It does so by comparing the sha256 fingerprint of the app's signer cert with what is provided by the server's assetlinks.json.

Thus, I assume it's the Android OS that compare the signer cert hash with what is in assetlinks.json. Will the browser have access to calculate the SHA256 fingerprint of the payment app's signer cert?


---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/42#issuecomment-185724893

Received on Thursday, 18 February 2016 13:41:48 UTC