WebCrypto++ Payment Sample Flowchart

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 11 Sep 2014 22:13:45 -0700
Message-ID: <54128109.6080807@gmail.com>
To: Web Payments CG <public-webpayments@w3.org>

The demo on: https://mobilepki.org/WebCryptoPlusPlus
could in a real implementation use the following schema:
http://webpki.org/papers/PKI/EMV-Tokenization-SET-3DSecure-WebCryptoPlusPlus-combo.pdf#page=4

Note how the availability of a local key storage mechanism with attribute support combined with
the power of the WebCrypto API reduces communication to less than half of typical current methods.

In addition there are no [for the user confusing] redirects.

A thing that has been discussed a lot in this list is how the buyer is authenticated
to the merchant.  In this scheme the identity of the buyer is actually *hidden*
(through encryption) from the merchant.  IMO, this is the base-line.
Some use-cases need more identity information but I don't see that this needs to go
into the "payment module", it would rather be a separate and optional step before the
payment since it may also affect the amount to pay due to different taxation domains.

I earlier today showed this to an experienced payment person and his reaction
was "Cool, but does it support EMV transactions?"  I had to admit that it does
not and that I have no intention to go that route either because the WebCrypto
level is much easier and more powerful than a technology that de facto is almost
20 years old.

Anders
Received on Friday, 12 September 2014 05:14:22 UTC