On Mon, Aug 31, 2015 at 9:52 PM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > The reality of the cryptographic technologies WebCrypto hoped to unlock >> in-browser is they're rarely used, >> > > The is a US-centric view. And yours is an identity-centric view of the possibilities of web cryptography ;) Since neither You nor Google/Microsoft/Apple/Mozilla/Whatever haven't told > us anything on how *they* think that any number of unrelated merchants > should/could get access to a client's payment resources on Web, we are > apparently awaiting "Divine Intervention" :-) I like the idea of Stripe-style payment widgets. These allow payment tokens to be provisioned on a particular origin, and payments made via JS/communicating iframes. There are obviously a lot of unsolved concerns around this approach, particularly around things like secure content embedding, phishing, clickjacking, etc. The Position Observer API proposal looks interesting in that regard: https://github.com/slightlyoff/PositionObserver/blob/master/explainer.md -- Tony Arcieri
Received on Tuesday, 1 September 2015 05:16:58 UTC