Re: Native Messaging is now a part of Web Payment WG from Anders Rundgren on 2015-12-23 (public-web-security@w3.org from December 2015)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Wed, 23 Dec 2015 19:52:37 +0100
To: Tony Arcieri <bascule@gmail.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <567AED75.4030905@gmail.com>

On 2015-12-23 19:13, Tony Arcieri wrote:
> On Wed, Dec 23, 2015 at 12:47 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     https://github.com/w3c/webpayments/issues/42#issuecomment-166705416
>
>
> Yet another in a series of misleading thread titles by Anders. Anders, can you even explain how the comment you linked has anything to with the thread title you used?

The comment shows that Google intends to create a single-purpose variant of Native Messaging.


>
> As far as I've seen, you've found a use case for native messaging, for which platform-native JS APIs and vendor-provided Apps would work just as well as discussed in that thread, but how exactly are you making the leap to "Native Messaging is now a part of Web Payment WG". This seems to be a discussion of exact opposite of what you're proposing: exposing platform-native features with vendor-specific APIs, then leveraging those, as opposed to the one magical standard that unites all interactions between browsers and native platforms.

That's a correct observation.  The whole purpose of my issue was moving this discussion out in day-light.


>
> If I didn't know better, I'd assume you had mistakenly linked the wrong thread.
>
>     It was always a good idea.  With Google behind, it will become de-facto standard.
>
>
> Google's involvement as the principal party behind a proposed standard has little to do with whether it actually succeeds.

That (indirectly) means that Android Pay will fail.


> You like disparaging WebCrypto... well, it seems to be in exactly that boat. WebCrypto may be the de-facto standard for cryptography in browsers, but that doesn't mean it will be successful or popular, or that other browser vendors are even interested in implementing it or maintaining existing implementations.

If we are talking about the Google solution there's no apparent need for other implementations.
Microsoft and Apple will create their proprietary solutions as well.

What I didn't get (which was a part of my issue) is how third-party wallets will work.
Maybe you just have to implement the platform specific payment API?


>     The only snag is the lack of a real standard.
>
>
> That would be a real snag, wouldn't it?

Indeed, but since the TAG, WebApp, WebAppSec, HaSec, and WebPayment folks do not realize the potential of such a standard we will have live with one-of-kind solutions.

Anders

>
> -- 
> Tony Arcieri

Received on Wednesday, 23 December 2015 18:53:14 UTC