Re: [webauthn] Integrate with Feature Policy and possibly Permissions and define appropriate identifier value for WebAuthn (#911)

It might be useful to know that the use of `WebAuthn` in payments is rather unlikely to happen in a big way, since the payment industry in general has invested in _native mode_ payment applications running in mobile operating systems like Android and iOS. The logic behind this is quite simple:
- It is doable with _existing_ technology
- Such systems may also support _non-Web scenarios_ like paying at a POS terminal or sending money to a friend (P2P payment)

These applications usually do not build on the OAuth paradigm; they rather represent variants of the age-old EMV scheme where _static_, _account specific keys_ are used to _sign locally presented/rendered payment requests_. This is (at least) as secure as authenticating to a server and getting a token back, but the main motive behind this concept actually lies in an improved UX. Apple Pay also builds on this concept.

The W3C Payment WG have not considered the impact of native mode payment applications on their activities and work items, including how the aforementioned mobile payments systems could be used together with "desktop" Web applications, an area suffering from major interoperability and scalability issues. To address this standards deficit, an alliance of mobile payment service providers was recently created: https://empsa.org/

A related topic can be found here:
https://lists.w3.org/Archives/Public/public-payments-wg/2019Sep/0000.html

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/911#issuecomment-528237234 using your GitHub account

Received on Thursday, 5 September 2019 07:29:03 UTC