W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > May 2015

Missing WPIG topic: Enrollment

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 31 May 2015 07:06:42 +0200
Message-ID: <556A96E2.9020206@gmail.com>
To: Web Payments IG <public-webpayments-ig@w3.org>
With enrollment I mean the process of getting a payment account.

In this process you may as in the case of Apple Pay use some kind of protocol for
provisioning credentials.  Since some WPIG members have expressed interest in
secure storage of payment credentials (keys), this part becomes highly critical.

As far as I can tell there are no Web-standards for provisioning keys.  Microsoft recently
launched such an effort but it was rejected for violating the web security model:
https://lists.w3.org/Archives/Public/public-webcrypto/2014Nov/0018.html

I'm (since ages back..) deeply involved in creating a standard for Web-based provisioning and
management of keys but I have recently put that on the "back burner" because the #1 problem
(adding something "non-core" to browsers in a way that matches the needs of the market),
seems like a MUCH more worthwhile task although probably out of scope for the W3C.

The latest developments on the W3C Credential Management API verifies my claim that
this indeed is a major hurdle which [indirectly] explains why Apple, Google, Facebook, etc.
never bothered with Web interfaces in their current mobile payment systems.

Anders
Received on Sunday, 31 May 2015 05:07:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:36 UTC