W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2020

Re: [webauthn] WebAuthn and Web Payments -- Transaction Confirmation, 3DS2, SRC, etc. (#1396)

From: mattimac via GitHub <sysbot+gh@w3.org>
Date: Mon, 06 Jul 2020 21:29:46 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-654475344-1594070984-sysbot+gh@w3.org>
> 
> 
> > A bigger problem is that there is no such thing as "trusted Web code" which makes WebAuthn less useful for payments than native apps.
> 
> This is not a problem. The UI displayed to the user is rendered by the client platform (i.e. trusted UI). The data that is signed is the same data displayed to the user. It doesn't matter if the code that invokes this process or handles the output is trusted.

This is the point, how secure is that on client's OS? How is it secured on OS api level? As long as that is not properly secured is not attractive in terms of risks analysis and cannot compete with out-of-band authorization (different channel).

-- 
GitHub Notification of comment by mattimac
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-654475344 using your GitHub account
Received on Monday, 6 July 2020 21:29:52 UTC

This archive was generated by hypermail 2.4.0 : Monday, 6 July 2020 21:29:53 UTC