- From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
- Date: Tue, 31 Aug 2021 02:13:59 +0000
- To: public-webauthn@w3.org
@sbweeden The biggest change required by SPC is liberating key domain wise: https://w3c.github.io/secure-payment-confirmation/#sctn-payment-extension-registration That is, a payer must be able to exercise his/her payments keys with any merchant. There are two other alternatives which do not require any updates of WebAuthn: - Redirect payment requests to the RP. This was one of the things the SPC folks wanted to avoid. - Run the _entire_ user authorization process inside of SPC in the same way as **Apple Pay** does. This option has never been discussed but is IMO a much better idea than building on a severely dated "Card NOT Present" architecture requiring 500 pages of documentation, certified merchant server software, and merchants becoming a part of specific PKI in order to access bank related security services. -- GitHub Notification of comment by cyberphone Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1667#issuecomment-908841011 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 31 August 2021 02:14:01 UTC