- From: Sam Mbale <smbale@gmail.com>
- Date: Sat, 12 Apr 2014 20:46:03 +0100
- To: Kumar McMillan <kmcmillan@mozilla.com>
- Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAFGFx5MM1ukSixF5TN5An6b0r7qGoq8ygCssZH_NfjRQaFi8Vw@mail.gmail.com>
I will attempt to deploy payswarm payment system on http://media.mpelembe.net tonight. this is a hackathon projecexperiment. A realtime payment method for publishers is the next step Sam Mbale Developer/Director https://google.com/+SamMbale4 On Sat, Apr 12, 2014 at 8:03 PM, Kumar McMillan <kmcmillan@mozilla.com>wrote: > > On Apr 12, 2014, at 1:27 AM, Anders Rundgren < > anders.rundgren.net@gmail.com> wrote: > > > To get some feeling for the difficulties combining traditional smart > cards and browsers, you may take a peek at: > > http://lists.w3.org/Archives/Public/public-sysapps/2014Apr/0057.html > > > > I feel pity for Mozilla who bought into this API which also suffers from > the "minor" snag that SIM-cards cannot be used except through cooperation > with operators. > > Actually, it's the operators who are proposing a patch for the SE web API > to Firefox OS right now (not Mozilla) because they are partnering with > Mozilla to bring devices to market. As I understand it, this effort isn't > to solve the problem in a new [and better] way it's to make Firefox OS > connect to the secure elements that are already going to be built into > these devices anyway. As I also understand it, no one in Mozilla's security > group is particular excited about it. > > > Banks and operators are not the most obvious bedfellows, IMO it is > rather the opposite. > > > > Apple, Google and Microsoft have so far not commented on this API which > is sort of understandable since they have already invested in embedded > security hardware which is much easier to deal with. Of course without > any coordination whatsoever. > > > > I.e. this topic is effectively out of scope for true standardization. > Microsoft and the US government once had a chance coming up with a > universal solution when the FIPS201/PIV standard was designed. However, > the smart card vendors kept the most interesting part for themselves > (initialization) which the mildly put non-visionary NIST folks didn't > realize would make their great standard useless for the private sector like > banks who simply cannot motivate spending $200+ per seat for a "Security > Solution". The rest is history with an endless series of security breaches > due to the use of unauthenticated credit-card numbers. > > > > Due to this situation I feel pretty OK continuing with the Firefox > WebCrypto extension ( https://bugzilla.mozilla.org/show_bug.cgi?id=978867). And if someone finds a better mousetrap? Well, that's life :-) > > > > thanx, > > Anders > > > > > > >
Received on Monday, 14 April 2014 13:01:17 UTC