Re: agenda+ Important discussion of W3C Member review of proposed charter

On 2015-09-21 16:06, Timothy Holborn wrote:
> When taking it into account, what are your suggestions?

Continue as now, which in practical terms means not developing a
web payment standard but rather maintaining a fee-based executive-level
hangout for people with interests in payments.

Note: I didn't say that this is bad! But since the "Big Guns" haven't thrown any
engineering resources on the project there is really not much to build a standard
on except for the stuff from Digital Bazaar which the executive folks in WPIG
probably haven't understood too much of.  Even I, who am a techie, have some
problems understanding how their Payment API is supposed to interact with, for
example, Android Pay (which like all "real" payment systems is closed source).

Anders

> On Tue, 22 Sep 2015 at 12:04 am, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>
>     On 2015-09-21 15:13, Timothy Holborn wrote:
>      > Credentials questionnaire http://goo.gl/forms/kXzkF7eQJ0
>
>     Tim, the Credentials CG doesn't have a counterpart to FIDO.
>
>      >
>      > On Mon, 21 Sep 2015 at 4:37 pm, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
>      >
>      >     On 2015-09-18 21:53, Ian Jacobs wrote:
>      >      > Dear IG,
>      >      >
>      >      > *** 21 SEPTEMBER IS AN IMPORTANT CALL FOR MAKING PROGRESS ON THE WORKING GROUP CHARTER ***
>      >
>      >
>      >     After looking fairly deeply into the matter it seems that the "Super-Providers"
>      >     can achieve significant improvements in "Security" by simply adopting FIDO solutions.
>      >     The other quality factor ("Convenience"), is essentially already in place (PayPal,
>      >     Alibaba, etc.)
>      >
>      >     However, creating a comparable user experience and security for a distributed net
>      >     of payment providers (Banks) would be a daunting task, way more complex than the
>      >     proposals that so far have been aired in this context.
>      >
>      >     Why is that?  Because the "Super-Provider" concept keeps all critical information in
>      >     one place and is [apparently] also trusted for storing customers' card data, enabling
>      >     them to do things in a simple and secure fashion, while a distributed system must
>      >     secure every connection and (in a yet not described fashion), provide a trusted UI.
>      >
>      >     A distributed system would require a trust infrastructure like PKI to scale.
>      >
>      >     Building something on top of already broken systems like WPIG suggests, is unlikely
>      >     to get industry support.
>      >
>      >     thanks,
>      >     Anders
>      >
>      >
>

Received on Monday, 21 September 2015 14:25:19 UTC