Re: [webpayments] How do we protect certian data in the messages from certain parties in the flow as the use case requires? (#78) from ianbjacobs on 2016-02-04 (public-payments-wg@w3.org from February 2016)

From: ianbjacobs <notifications@github.com>
Date: Wed, 03 Feb 2016 18:50:18 -0800
To: w3c/webpayments <webpayments@noreply.github.com>
Message-ID: <w3c/webpayments/issues/78/179590034@github.com>

Each spec should have a "security considerations" section. We could say in the security considerations section that:

 * Many applications will want to encrypt data. They should do so according to their needs.
 * W3C has a WebCrypto API for doing so interoperably:
   http://www.w3.org/TR/WebCryptoAPI/

So maybe that is "option 3, but with some pointers to relevant work such as WebCrypto API"

Ian

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/78#issuecomment-179590034

Received on Thursday, 4 February 2016 02:51:21 UTC