@marcoscaceres @adrianhopebailie Security reviews have been requested by the WG chairs. I don't get how you can do such for _Web-based_ payments unless you are an absolute über expert on every possible topic (I'm not). Is there a security model description somewhere? On top of my head I can't say I understand: - Where (and how) is SOP overridden? ServiceWorkers do that? IFRAME does the trick? - Where (and how) are payment credentials stored? - How do you perform cryptographic operations in payment apps? It is (off-list) often claimed that FIDO alliance products is the intended authentication solution. If that's the case _it rather brings the issuer into the scenario_ while payment gateways would only be dealt with in the background through merchants, right? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/210#issuecomment-278549892Received on Thursday, 9 February 2017 05:20:08 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:24 UTC