- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 31 May 2015 07:06:42 +0200
- To: Web Payments IG <public-webpayments-ig@w3.org>
With enrollment I mean the process of getting a payment account. In this process you may as in the case of Apple Pay use some kind of protocol for provisioning credentials. Since some WPIG members have expressed interest in secure storage of payment credentials (keys), this part becomes highly critical. As far as I can tell there are no Web-standards for provisioning keys. Microsoft recently launched such an effort but it was rejected for violating the web security model: https://lists.w3.org/Archives/Public/public-webcrypto/2014Nov/0018.html I'm (since ages back..) deeply involved in creating a standard for Web-based provisioning and management of keys but I have recently put that on the "back burner" because the #1 problem (adding something "non-core" to browsers in a way that matches the needs of the market), seems like a MUCH more worthwhile task although probably out of scope for the W3C. The latest developments on the W3C Credential Management API verifies my claim that this indeed is a major hurdle which [indirectly] explains why Apple, Google, Facebook, etc. never bothered with Web interfaces in their current mobile payment systems. Anders
Received on Sunday, 31 May 2015 05:07:14 UTC