- From: Steve Sommers <steve@shift4.com>
- Date: Mon, 20 Mar 2017 18:31:48 +0000
- To: 'Manu Sporny' <msporny@digitalbazaar.com>, "public-payments-wg@w3.org" <public-payments-wg@w3.org>
Fair enough, I think. I'm not exactly sure what was meant by compelling though. Steve Sommers Senior Vice President, Applications Development Shift4 Corporation 1491 Center Crossing Road Las Vegas, NV 89144-7047 702.597.2480 ext. 40400 fax 702.597.2499 www.shift4.com steve@shift4.com facebook.com/shift4corp twitter.com/shift4corp linkedin.com/companies/shift4-corporation shift4.com/blog This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate,distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -----Original Message----- From: Manu Sporny [mailto:msporny@digitalbazaar.com] Sent: Monday, March 20, 2017 11:24 AM To: public-payments-wg@w3.org Subject: Re: Payment App spec implementations On 03/13/2017 12:07 PM, Steve Sommers wrote: > Really both. I realize that some of the complexity will be distilled > down by the time it reaches the Payment Apps API layer that I'm most > interested it but still, no matter where the complexity resides, it > still introduces vulnerabilities or at least attack vectors. Yes, agreed on your general point. > Has anyone stepped back and reevaluated the problem to see if there is > a simpler, less complex solution? Yes, there was a proposal in the beginning that was simpler, that didn't try to do as much wrt. Shopping Cart / Checkout, but the group decided that that solution was not compelling enough to gain adoption. So, we have what we have today, which is more monolithic and complex, but is (in theory) more compelling. In general I think the group is concerned about unnecessary complexity, but it's not clear what is and isn't unnecessary at this point and it's only when we identify/discover an attack using the API will there be more attention paid to reducing complexity (or increasing it in order to re-establish security expectations). -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Rebalancing How the Web is Built http://manu.sporny.org/2016/rebalancing/
Received on Monday, 20 March 2017 18:32:25 UTC