Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396) from Adrian Hope-Bailie via GitHub on 2020-07-06 (public-webauthn@w3.org from July 2020)

From: Adrian Hope-Bailie via GitHub <sysbot+gh@w3.org>
Date: Mon, 06 Jul 2020 08:42:11 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-654099345-1594024930-sysbot+gh@w3.org>

> A bigger problem is that there is no such thing as "trusted Web code" which makes WebAuthn less useful for payments than native apps.

This is not a problem. The UI displayed to the user is rendered by the client platform (i.e. trusted UI). The data that is signed is the same data displayed to the user. It doesn't matter if the code that invokes this process or handles the output is trusted.

-- 
GitHub Notification of comment by adrianhopebailie
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-654099345 using your GitHub account

Received on Monday, 6 July 2020 08:42:13 UTC