W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2021

Re: [webauthn] FIDO Payment Support (#1570)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Sat, 27 Feb 2021 05:03:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-787006412-1614402237-sysbot+gh@w3.org>
Hi @rsolomakhin, I believe the differences are much bigger.  
1. 3DS/SPC is an _additional_ (and _optional_) card-holder authentication step introduced _before_ the actual payment transaction: https://stripe.com/docs/payments/3d-secure.  It is possible that Stripe' implementation does something else but the current state-diagrams are pretty hard to follow so I'm not able to tell 🤔  I have not the faintest idea how SPC could deal with SEPA and similar A2A (account to account) payments.

2. EMV is a _unified_ and _optimized_ single-step, "store-and-forward" payment request requiring no prior interaction with the issuer or handing out account numbers by users.  In my take on the matter (FIDO Web Pay), the browser would together with FIDO tokens form a _universal wallet_. https://github.com/rsolomakhin/secure-payment-confirmation/issues/33.

The differences on the browser side are rather moderate since both concepts builds on FIDO tokens and a secure browser-resident payment UI.  Enrollment is yet to be described but AFAICT the major difference is in the payment handler database since SPC defines a single payment method while FIDO Web Pay makes the FIDO tokens define payment methods, all linked to the built-in payment handler.
@dturnerx



-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1570#issuecomment-787006412 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 27 February 2021 05:04:00 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 27 February 2021 05:04:01 UTC