On Wed, Oct 2, 2019 at 2:25 AM Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:
> You might be interested in looking into
> https://cyberphone.github.io/doc/saturn/saturn-authorization.pdf
> since it:
> - Uses PaymentRequest (native mode payment handlers)
Thank you for using this technology! :-D
> for the Web and other solutions for non-Web channels, while protocol and
> security remain identical
> - Uses the same cryptography as WebAuthn but integrated in the actual
> payment process
> - Supports risk-based/step-up authentication by carrying client related
> data to the authorizing point
> - Uses TEEs (Trusted Execution Environments) for storing authorization keys
> - Also supports non-direct payment scenarios, including Gas Stations,
> Bookings and Recurring payments
> - Also supports A2A (Account to Account) payments and refunds
>
> Obvious limitations which I hope to remedy include:
> 1. Crucial: Reusing the client architecture for supporting P2P (Person to
> Person) payments
> 2. Important: Loyalty cards
> 3. Nice and currently generally missing feature: Receipts
>
> #2 and #3 is is currently outside of my competence, while #1 may be able
> to exploit EPC's SPL (SEPA Proxy Lookup) scheme.
>
>
> Since https://www.w3.org/TR/payment-handler/ does not appear to support a
> "wallet" concept or P2P payments, I didn't consider that part of the W3C
> specifications.
>
> thanx,
> Anders
>
>
> On 2019-10-01 23:19, Ian Jacobs wrote:
> > Dear Card Payment Security Task Force participants,
> >
> > I don’t have a concrete agenda for our 2 October task force call. I am
> happy to meet, but I have not been able to make
> > time to review the TPAC discussions and build an agenda for the meeting.
> Off the top of my head, I think our next steps are:
> >
> > - Review what’s missing from the data model description based on the
> Mastercard demo
> > - Review the identity management flows [1]
> > - Enumerate the flows that raise “multiple authentication”
> possibilities and determine what actions are needed to address those
> > - Any other topics on people’s mind.
>
I would love to show off https://rsolomakhin.github.io/pr/apps/src2/ demo,
which shows individual cards in the Chrome's payment sheet without
modifications to the existing APIs or implementations.
> >
> > [1] https://www.w3.org/2018/12/src-prapi/#id-management
> >
> > Please let me know whether you’d like to meet, or wait until 9 October,
> or 16 October (our next scheduled call after tomorrow).
> >
> > Thank you,
> >
> > Ian
> >
> > --
> > Ian Jacobs <ij@w3.org>
> > https://www.w3.org/People/Jacobs/
> > Tel: +1 718 260 9447 <(718)%20260-9447>
> >
> >
> >
> >
> >
>
>
>