Re: Lessons learned from Apple Pay

Anders,

I would note that the Web Payments Community Group did A LOT of work on
addressing the more generic problem rather than focusing upon checkout.
That work is still around, of course.  Some of it has been introduced into
the Web Payments working group via the HTTP API spec that is nearing FPWD.
The Credentials Community Group was a spin-off of that activity, and it has
also done a lot of good specification work on related topics (claims are an
essential component of commerce in many areas) [2].  I suspect you are aware
of all this, but I wanted to be sure!

So yes, there is a lot of interest in a level playing field, and a great
many people who are happy to work on that.  The standards process is
sometimes slow, and sometimes goes in an unexpected direction, but it
usually gets there in the end.  Let's work together to help make that happen.

[1] https://www.w3.org/community/webpayments/
[2] http://www.opencreds.org/specs/

On Fri, Jul 15, 2016 at 7:40 AM, Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> Ladies and Gentlemen,
>
> If you take a peek in
> https://developer.apple.com/videos/play/wwdc2016/703/ you will find a
> presentation of a mobile-device-based payment system that does things that
> traditional payment providers (banks) could only dream about like:
> - HW secured keys
> - Ability to be used locally, on the mobile Web, and as "companion" to a
> Mac
> - Pre-installed in a popular consumer gadget
>
> An equally noteworthy thing is that Apple Pay for the Web can be deployed
> in an existing Web checkout system without touching the code of the other
> payment alternatives.  That is, using a future Web Payment API standard is
> simply an option for sites that feel a need to offer a tighter integration
> between different payment methods.
>
> I believe this is compliant with what payment providers want which is why
> I early on advocated for developing application-neutral standards that
> would enable third-party innovation and competition rather than trying to
> standardize for example checkout.  It is still not entirely clear to me
> that the latter actually mandates a "hard-wired" API [1].  Adding
> application-specific APIs to general-purpose platforms is an exception to
> the rule also for the W3C.
>
> If somebody out there is interested in creating a technically more level
> playing field for innovation in Web payments and authentication [2], please
> drop me a line!
>
> Anders Rundgren
> Principal, WebPKI.org
>
> 1] Maybe some kind of trusted Web code concept could support this equally
> well.  Just guessing here :-)
>
> 2] In spite of the massive buy-in, FIDO may not be everybody's choice
>
>
>


-- 
Shane McCarron
Projects Manager, Spec-Ops

Received on Friday, 15 July 2016 13:19:27 UTC