W3C home > Mailing lists > Public > public-webauthn@w3.org > July 2021

Re: [webauthn] Cross-origin credential creation in iframes (#1656)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Jul 2021 06:02:02 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-888827700-1627538520-sysbot+gh@w3.org>
@agl The de-facto standard for mobile to desktop interaction is QR code.  Using the aforementioned (in Europe and China already deployed) native mobile apps, you open the application, point to the QR, receive the request on the mobile, and then authorize.  You never have to type in card numbers etc. This system typically also works without modifications at the PoS terminal.

Regarding 3DS, due to the PSD2 regulation EU banks have been forced implementing support for SCA (Strong Customer Authentication).  That is, you are already enrolled when you get your mobile application.  There is no PSD2 in the US but given the fact that it took the US 10 extra years to get chip-card support compared to the EU, we are on very slow train.
@wseltzer 

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1656#issuecomment-888827700 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 29 July 2021 06:02:03 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC