Re: [webauthn] FIDO Payment Support (#1570) from Rouslan Solomakhin via GitHub on 2021-02-26 (public-webauthn@w3.org from February 2021)

From: Rouslan Solomakhin via GitHub <sysbot+gh@w3.org>
Date: Fri, 26 Feb 2021 19:00:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-786835128-1614366057-sysbot+gh@w3.org>

@cyberphone, if I understand the gist of your proposal, there appears to be two primary differences from [SPC](https://github.com/rsolomakhin/secure-payment-confirmation):

1. The challenge comes from the merchant instead of the bank.
1. The browser stores some extra data for each payment credential, so it can return user's account number, encrypted with the public key of the bank, too.

Is that a fair summary?

I think perhaps this proposal would be more clear if the enrollment step was described or specified. How would it work?

-- 
GitHub Notification of comment by rsolomakhin
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1570#issuecomment-786835128 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 26 February 2021 19:01:00 UTC