W3C home > Mailing lists > Public > public-payments-wg@w3.org > March 2017

Re: [w3c/webpayments] Finer points of integration with Web App Manifest (#225)

From: Anders Rundgren <notifications@github.com>
Date: Wed, 29 Mar 2017 23:44:55 -0700
To: w3c/webpayments <webpayments@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/webpayments/issues/225/290317586@github.com>
@mgiuca 

> Are you suggesting that Web Payments shouldn't need to verify the payment app because additional verification would take place while completing the payment flow?

What I'm saying is that the potential problem is (or should be at least) addressed during payment credential enrollment which is out of scope for this WG as far as I can tell.  That is, banks do not want to deploy their precious keys in arbitrary apps which is why Android provides isolation features like:
https://developer.android.com/training/articles/keystore.html

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/225#issuecomment-290317586
Received on Thursday, 30 March 2017 06:45:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:24 UTC