- From: Matt Giuca <notifications@github.com>
- Date: Wed, 05 Apr 2017 17:12:32 -0700
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/webpayments/issues/225/292032887@github.com>
Thanks for updating, Zach.
Some rationale from the discussion:
- We didn't want to precisely use "integrity" from SRI, because it has some specific semantics that we don't intend to match here. Specifically, the algorithm for choosing which fingerprint is used as pointed out in rsolomakhin's second-most-recent post. We want each platform to use its own verification semantics.
- We could have stuck with the SRI syntax but that would maybe come with the implication that the SRI algorithm is being used. We also want the platforms to be able to specify their own hashing algorithms.
- Since the verification is entirely specific to the platform, it didn't make much sense to constrain it to a specific syntax (it just means more work if the implementation uses one format and we prescribe another).
- We want to specify at least the JSON types so the format is coherent, so it makes sense to not give the platform total control over the "fingerprints" value. Therefore, we decided to go back to the earlier proposal of specifying it as `{"format": <platform-specific-format-string>, "value": <platform-and-format-specific-fingerprint-syntax>}`.
- Due to the previous complaint (confusion / overloading) of the word "format", we thought "type" might be a good alternative and still sufficiently generic. (It might collide with the JSON/JavaScript notion of "type", e.g., string, number, array; but it's pretty clear from examples that it means something different.)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/225#issuecomment-292032887
Received on Thursday, 6 April 2017 00:13:29 UTC