Re: Overview of Payment App dev call Nov 14th, 2016

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Sat, 19 Nov 2016 00:43:33 +0900
Message-ID: <CA+eFz_KFL=ksKnvVWtpsE_ApeHjB6YEDvW3CJjix9wxMGx3rnw@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Rouslan Solomakhin <rouslan@google.com>, Web Payments Working Group <public-payments-wg@w3.org>, "Hackett, Conor" <Conor.Hackett@worldpay.com>, 임동우 <dw.im@samsung.com>

Merchant certs can still be used but that would be defined per payment
method. It's overly complex to try and do this at the top level.

ApplePay is a payment method under this system so I think this works.

On 18 November 2016 at 20:08, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> On 2016-11-18 11:56, Rouslan Solomakhin wrote:
>
>> Some Android payment apps would like an extra level of protection by
>> manually checking website certificates against their own list of CAs
>> instead of trusting the OS or the browser.
>
> I see.  Personally I think this represents a weird trust model.  It is
> easier understanding the scheme used in Apple Pay where merchant
> certificates (IIUC...) are unrelated to Web sites.
>
> Anders
>
>
>
>> On Nov 18, 2016 5:53 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:
>>
>>     On 2016-11-16 14:18, Hackett, Conor wrote:
>>     <snip>
>>
>>         ·         Samsung has proposed several improvements to this spec
>>         that are not yet in doc:
>>
>>         o   Pass merchant's certificate to the payment app
>>
>>
>>     Could somebody elaborate a bit on this?  It sounds like a major (and
>>     promising) departure from Android intents.
>>
>>     Anders
>>
>>
>>
>>
>
>
Received on Friday, 18 November 2016 15:44:06 UTC