- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 03 Feb 2015 10:02:20 +0100
- To: public-web-intents@w3.org
All efforts combining security hardware with the web except for Google/FIDO U2F have to date failed. One of the reasons is that there are numerous of very different "standards" for security hardware. Another reason is that SOP doesn't really match a wide class of secure applications including payments. It is anticipated that the next iteration of Apple Pay will support the web as well. IMO, it is extremely unlikely that Apple would do anything but "call" the Apple Pay App from the web using something similar to Chrome Native Messaging: http://blog.chromium.org/2013/10/connecting-chrome-apps-and-extensions.html Although Chrome Native Messaging is super-cool, it needs considerable "polishing" to support payments etc. I have spent a few days trying to catch what I consider useful: http://webpki.org/papers/web2native-bridge.pdf Note: Web2Native Bridge only borrows the core concept (Invocation + Channel) from Chrome Native Messaging. That is, there are no extensions involved; it is a pure API. Comments are (of course) extremely welcome! Anders Rundgren WebPKI.org
Received on Tuesday, 3 February 2015 09:03:00 UTC