- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Wed, 10 Jun 2020 16:12:36 +0000
- To: public-webauthn@w3.org
@mattimac If the OS or Browser is corrupted all bets are off. This however, is a generic computing issue.
A bigger problem is that there is no such thing as "trusted Web code" which makes WebAuthn less useful for payments than native apps. A payment request would preferably be a strictly formatted JSON message like
```json
{
"payee": "Acme Shop",
"amount": "145.00",
"currency": "USD"
}
```
which is the thing you sign ("authorize"), but the message be would rendered in a user-oriented way. This requires some kind of trusted UI. That payment handlers can't be shared like cards in Apple Pay is another limitation.
--
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1396#issuecomment-642111504 using your GitHub account
Received on Wednesday, 10 June 2020 16:12:38 UTC