Re: [w3ctag/design-reviews] Secure Payment Confirmation (#544)

Hi @ianbjacobs, I'm sure that the SPC API is as good as it gets, including its integration with WebAuthn.  That is, TAG has no real work to do if their task is restricted to the draft to be published.

What I'm saying is that the thing you call "backend rails" introduces very strict requirements on merchants which make most of them depend on proprietary checkout solutions provided by Stripe et al.  I.e. SPC would rather execute in an outsourced service.

The competitors that build on wallets (there are hundreds of such) do not have such requirements because they don't need direct interaction with banks or card-number-to-bank-URL lookups; all data needed for authorization is in the local credential.  10 billion EMV cards build on this idea as well.

> The user selects an instrument to make a payment

What standard is this based on?  I know that Chrome can hold card data.

> The merchant (or their payment service provider) reaches out to the relying party to ask "Do you have any SPC credentials for this instrument?"

What is an "instrument" in the case of card payments, if not "a card number in clear"?


Received on Thursday, 19 August 2021 19:45:49 UTC