- From: Anders Rundgren <notifications@github.com>
- Date: Wed, 08 Feb 2017 21:19:05 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 9 February 2017 05:20:08 UTC
@marcoscaceres @adrianhopebailie Security reviews have been requested by the WG chairs. I don't get how you can do such for _Web-based_ payments unless you are an absolute über expert on every possible topic (I'm not). Is there a security model description somewhere? On top of my head I can't say I understand: - Where (and how) is SOP overridden? ServiceWorkers do that? IFRAME does the trick? - Where (and how) are payment credentials stored? - How do you perform cryptographic operations in payment apps? It is (off-list) often claimed that FIDO alliance products is the intended authentication solution. If that's the case _it rather brings the issuer into the scenario_ while payment gateways would only be dealt with in the background through merchants, right? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/210#issuecomment-278549892
Received on Thursday, 9 February 2017 05:20:08 UTC