On 9 May 2013 22:17, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 05/07/2013 02:05 PM, Melvin Carvalho wrote:
> > https://github.com/web-payments/browser-payments/
> >
> > I think perhaps there needs to be some thought about security.
> > Maybe even a security considerations section.
>
> Good point, I added an issue to track this:
>
> https://github.com/web-payments/browser-payments/issues/9
>
> > One thing that springs to mind is. If I have an email, but do not
> > implement /.well-known/browserid would it be possible for mozilla to
> > impersonate me and send a payment?
>
> The current design of Persona allows the centralized identity service
> that they currently run to impersonate anyone on any site that uses a
> Persona login. The underlying assumption with Persona today is that the
> web trusts Mozilla when it comes to identity.

I believe Mozilla was voted the web's most trusted brand recently. However, even still, while you may trust someone in the context of using a browser, you may be less willing to trust them with the keys to your bank account.

> Even when Persona becomes more decentralized, the underlying system will
> still require you to trust your identity/email provider to make claims
> about the validity of your e-mail address.

As above, email as identity is a great option, but need not be the only choice.

> Ultimately, if you are going to have identity on the web, you have to
> trust the server running the software. :)

User choice is a good thing when it comes to financial systems, I think, which is why I also like payswarm's identity solution here.

> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: Meritora - Web payments commercial launch
> http://blog.meritora.com/launch/

Received on Thursday, 9 May 2013 20:33:07 UTC