Re: Centralization dangers of applying OpenID Connect to wallets protocols (was: Re: 2022-2026 Verifiable Data Standards Roadmap [DRAFT])

On 3/21/22 2:40 AM, Anders Rundgren wrote:
> Manu, security-related applications have different requirements than
> schemes that were mainly developed with social media in mind.
> 
> AFAICT, PaymentRequest-4-Android is by far the most capable system, although
> it was not intended to be used in this manner :)

You should take a look at CHAPI:

https://github.com/digitalbazaar/credential-handler-polyfill#features

> IMO, a Web2App API should provide a bi-directional, asynchronous channel 
> between the App and the invoking Web page.

You should /really/ take a look at CHAPI. :)

> The security context (TLS certificate path) of the calling Web page must
> also be available for the App in question.

Achieved via Verifiable Credentials sent via the Verifiable Presentation
Request (in VPR). Most of the protocols we're talking about can support this
sort of interaction pattern.

> In addition, it should also work in a cross device scenario as I outlined
> in another posting.

This is done via QR Code today in many of the protocols in question.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

Received on Saturday, 26 March 2022 20:36:03 UTC