Re: [webauthn] Cross origin authentication without iframes (#1667) from Anders Rundgren via GitHub on 2021-08-26 (public-webauthn@w3.org from August 2021)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Thu, 26 Aug 2021 03:43:44 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-906069170-1629949423-sysbot+gh@w3.org>

SPC builds on a model that requires *untrusted third-parties* dealing with `credentialId` and card data in clear.  State-of-the-art systems like Apple Pay need none of that.  In practice the SPC API requires outsourcing to trusted service providers to be invoked which is an unusual feature for Web APIs.

https://github.com/cyberphone/doc/blob/gh-pages/payments/review-secure-payment-confirmation.md#technical-issues

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-906069170 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 26 August 2021 03:43:45 UTC