Re: [webauthn] Cross origin authentication without iframes (#1667)

SPC builds on a model that requires *untrusted third-parties* dealing with `credentialId` and card data in clear.  State-of-the-art systems like Apple Pay need none of that.  In practice the SPC API requires outsourcing to trusted service providers to be invoked which is an unusual feature for Web APIs.

https://github.com/cyberphone/doc/blob/gh-pages/payments/review-secure-payment-confirmation.md#technical-issues

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-906069170 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 26 August 2021 03:43:45 UTC