Re: A Somewhat Critical View of SOP (Same Origin Policy)

From: Rigo Wenning <rigo@w3.org>
Date: Sat, 26 Sep 2015 15:04:24 +0200
To: Alex Russell <slightlyoff@google.com>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, public-web-security@w3.org, Tony Arcieri <bascule@gmail.com>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <18993122.oP5JtY5Xnh@hegel>

On Friday 25 September 2015 13:31:14 Alex Russell wrote:
> If by "dead silence" you mean "constructive proposals to bridge the gap"
> [1], then yes, you're correct,
> 
> [1] https://discourse.wicg.io/t/rfc-proposal-for-new-web-payments-api/1100

Too many indirections for my taste. You create a list of payment services the 
user is redirected to. But once you get there, you still can't communicate. 
Today we have payment systems via indirection and forms and redirect. As far 
as I'm concerned the problem is not that I don't know what payment system to 
use, but rather the way I exchange credentials. I have a credit card with a 
chip and I'm pushed back to a dumb credit card number with a legal liability 
scheme or an SMS two factor authentication at best. 

We can summarize that: 

1/ There is a gap in the communication from the Web to certain other worlds 
(payment, eGov, eHealth, intelligent transport to name a few)

2/ There is currently nothing bridging that gap. 

Such an outcome would already be a big step forward IMHO and the discussion 
would have been worthwhile (except for some tone-accidents).

 --Rigo
Received on Saturday, 26 September 2015 13:04:43 UTC
