- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 02 Feb 2015 13:50:32 +0100
- To: Harry Halpin <hhalpin@w3.org>, Siva Narendra <siva@tyfone.com>, Brad Hill <hillbrad@fb.com>
- CC: GALINDO Virginie <Virginie.Galindo@gemalto.com>, Lu HongQian Karen <karen.lu@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, "PHoyer@hidglobal.com" <PHoyer@hidglobal.com>
On 2015-02-02 12:15, Harry Halpin wrote:
<snip>
> Although SOP should be respected, right
> now the lack of support for client support in a particular class of high
> security applications that are forced to be, for example, Chrome
> extensions or native apps due to their necessitating that cryptographic
> operations be under the control of the user's client device without
> ability for the server to modify the code.

A souped-up version of Chrome native messaging could allow *independent parties* to support any security application regardless of whether it talks 7816 APU or GP TEE TA. In addition, you would be able to use the security and privacy model that is most appropriate for the actual application.

Payments (if done in the right way, like Apple Pay) don't in any way match the web security model, if by that you mean SOP.

If Jeff wants to see any of this http://www.w3.org/2015/01/banker_payments.pdf happen during his tenure, I believe you need a rebooted effort.

Anders

Received on Monday, 2 February 2015 12:51:06 UTC