- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 16 Oct 2014 06:21:36 +0200
- To: "public-web-security@w3.org" <public-web-security@w3.org>
I have sort of "dissed" the idea to making a 7816/APDU-level SE-interface for the web. Still, Mozilla is building such a thing for Firefox OS. After thinking a bit more on this, I believe we are both right! Firefox OS is a "Web OS" and therefore everything is exposed through web interfaces but that doesn't necessarily mean that the same methods must be used in for example Android. In fact, probably all of the myriad of payment apps available for Android are based on the native (Java) API. AFAICT the only applications that actually *need* to operate at the 7816/APDU- level do it through NFC which in turn can be driven by whatever the platform offers. That the Google Wallet or Apple Pay would 1. be rewritten as web apps 2. be 100% portable and thus be distributed from a single source is a cool idea but it won't happen for a bunch of reasons (even including aesthetics and branding), and therefore there's no point *standardizing* a web-based 7816/APDU API. No, we won't be able making EMV-payments on the traditional web but there's no need for that either; the WebCrypto API (with proper backing) is entirely sufficient and much better suited for web-payments than schemes that were designed for local usage in specific certified payment terminals. Since the WebCryoto API isn't really there yet, I suggest that we continue on that path instead of trying to compete with something which is already working and close to being established. Cheers, AndersR
Received on Thursday, 16 October 2014 04:22:11 UTC