- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 1 Mar 2016 18:37:27 +0100
- To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-web-security@w3.org" <public-web-security@w3.org>
- Cc: Wayne Carr <wayne.carr@linux.intel.com>, Rigo Wenning <rigo@w3.org>
On 2016-03-01 17:41, GALINDO Virginie wrote: > Dear all, > > In case you missed it, Trusty is offering to android developers an API to access some Trusted Execution Environment operations. > > See https://source.android.com/security/trusty/index.html Virginie, Thanx for the update. Unfortunately this only verifies my strong belief that the HW-Sec WG in progress is on the wrong track targeting TEEs from the Web since trusty applications are (AFAICT...) only deployable by device integrators. It would be better if the HW-Sec WG listened to the market which nowadays not only mean "Anders and Martin", but de-facto also includes Google with their suggested and implemented Android fix: https://github.com/w3c/webpayments/issues/42#issuecomment-166705416 Apparently even Mr. Arcieri essentially agrees with this: https://www.w3.org/2016/02/23-wpwg-minutes tarcieri: My personal opinion is the ability to intent into a native app ... make a payment from the mobile (native) web ... I'd like to see that capability in there one way or another That is, COMBINING the power of the Web and the App worlds would be a _fantastic project_, at least if innovation by third-parties is in scope. If W3C cannot do this for religious or political reasons, well, that's a pity because this development seems _inevitable_ as it would be a complete waste of valuable time and resources building parallel universes! It is not proved that it is technically feasible either. Regards, Anders > > Regards, > > Virginie > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Tuesday, 1 March 2016 17:38:23 UTC