W3C home > Mailing lists > Public > public-web-security@w3.org > January 2015

WebCrypto - "A Solution Looking for a Problem"

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 22 Jan 2015 15:11:26 +0100
Message-ID: <54C1050E.8020302@gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
In this somewhat dated document, applications like on-line banking and credit-card processing are mentioned:
http://www.w3.org/2012/webcrypto/wiki/Use_Cases

A number of reasons to why this probably won't happen are outlined in this document:
http://webpki.org/papers/payments/webcrypto-4-payments.pdf

Although currently not particularly useful, something along the following lines could prove to be a
more workable solution for a wide range of crypto-using applications including eID and payments:
http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html

In fact, the entire idea of having a browser-level wallet needs reconsideration, since it would lead to
local payments and web payments having different "Look-and-feel", Security, API, etc. characteristics.

That is, "calling" a local (native) application like a wallet from the web is the most likely future
solution.  According to insiders this exactly what Apple is currently working with in order to extend
the functionality of their (r)evolutionary Apple Pay system.

I suggest that a feasibility study is performed and if it turns out positive, be used for chartering
a new WG which would serve as a replacement for the missing WebCrypto "secondary features".

Anders
Received on Thursday, 22 January 2015 14:12:20 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 22 January 2015 14:12:20 UTC