- From: Ian Jacobs <ij@w3.org>
- Date: Tue, 19 May 2015 15:02:42 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: Web Payments IG <public-webpayments-ig@w3.org>, Web Payments CG <public-webpayments@w3.org>
- Message-Id: <98515171-926C-463B-B0B3-5B4BB7517DD5@w3.org>
> On May 19, 2015, at 1:17 PM, Manu Sporny <msporny@digitalbazaar.com> wrote:
>
> On 05/19/2015 02:02 PM, Adrian Hope-Bailie wrote:
>> Personally I think some mention of security is necessary but if there
>> is a consensus that it is not I'll happily drop it.
>
> I'm strongly in favor of keeping the statement about security in the
> vision document.
>
> I understand what Melvin is getting at, but I don't think we can get
> away with saying nothing about security in the vision primarily because
> most other people won't understand the nuances of decentralized systems
> scaling security up as their size grows (e.g. Bitcoin).
Although I am satisfied with "Being secure by design” here’s another perspective: security is
SO important to payments it deserves a bullet in the list that follows. For example, something like:
* Supports a wide spectrum of security needs to meet industry and regulatory expectations.
To meet regulatory requirements and give people enough confidence to use the Web for
payments, the architecture must support a wide spectrum of security requirements and
solutions. This includes the ability to encrypt strongly both sensitive information and the
channels used to exchange the information, as well as supporting an evolving variety of
authentication techniques (multifactor, biometric, etc.). Trust in the Web of payments
is critical to its success.
Ian
--
Ian Jacobs <ij@w3.org> http://www.w3.org/People/Jacobs
Tel: +1 718 260 9447
Received on Tuesday, 19 May 2015 20:02:47 UTC