W3C home > Mailing lists > Public > public-webpayments@w3.org > May 2013

Re: First draft of Browser Payments 1.0 spec published

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sat, 11 May 2013 14:40:25 -0400
Message-ID: <518E9099.6050504@openlinksw.com>
To: public-webpayments@w3.org
On 5/9/13 4:17 PM, Manu Sporny wrote:
> On 05/07/2013 02:05 PM, Melvin Carvalho wrote:
>> https://github.com/web-payments/browser-payments/
>>
>> I think perhaps there needs to be some thought about security.
>> Maybe even a security considerations section.
> Good point, I added an issue to track this:
>
> https://github.com/web-payments/browser-payments/issues/9
>
>> One thing that springs to mind is.  If I have an email, but do not
>> implement /.well-known/browserid would it be possible for mozilla to
>> impersonate me and send a payment?
> The current design of Persona allows the centralized identity service
> that they currently run to impersonate anyone on any site that uses a
> Persona login. The underlying assumption with Persona today is that the
> web trusts Mozilla when it comes to identity.
>
> Even when Persona becomes more decentralized, the underlying system will
> still require you to trust your identity/email provider to make claims
> about the validity of your e-mail address.
>
> Ultimately, if you are going to have identity on the web, you have to
> trust the server running the software. :)
>
> -- manu
>

No, the problem remains accepting that references (URIs) as native types 
on the Web means relations (sentences, statements, propositions, claims) 
implies we have logic as the conceptual schema. You don't have to trust 
any software at all, you just have to make a judgement about inferences 
drawn from the logic in the relations.

It doesn't matter how many machines touch a resolvable URI that denotes 
an Agent. What's important is the ability to make sense of the 
description graph that's unveiled.

It's all about machine- and/or human-comprehensible logic unveiled (at 
Web-scale) via Linked Data driven entity relationship graphs.

We don't need any kind of centralization whatsoever. Zilch !

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen






Received on Saturday, 11 May 2013 18:40:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:23 UTC