- From: Sam Mbale <smbale@gmail.com>
- Date: Sun, 13 Apr 2014 09:34:16 +0100
- To: Kumar McMillan <kmcmillan@mozilla.com>
- Cc: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CAFGFx5NX7e_nDb2dR2gzkyNS86X77qiHMhtEM_pVvO_aGYSgMA@mail.gmail.com>
Google promises to stick with Google wallet despite slow adoption: http:// bit.ly/1qre8P8 <http://t.co/y0dq2tiL0Z> #payments<https://twitter.com/search?q=%23payments&src=hash> #sbcfintech <https://twitter.com/search?q=%23sbcfintech&src=hash> # fintechathon <https://twitter.com/search?q=%23fintechathon&src=hash> Sam Mbale Developer/Director https://google.com/+SamMbale4 On Sat, Apr 12, 2014 at 8:46 PM, Sam Mbale <smbale@gmail.com> wrote: > I will attempt to deploy payswarm payment system on > http://media.mpelembe.net tonight. this is a hackathon projecexperiment. > A realtime payment method for publishers is the next step > > Sam Mbale > > Developer/Director > https://google.com/+SamMbale4 > > > > > On Sat, Apr 12, 2014 at 8:03 PM, Kumar McMillan <kmcmillan@mozilla.com>wrote: > >> >> On Apr 12, 2014, at 1:27 AM, Anders Rundgren < >> anders.rundgren.net@gmail.com> wrote: >> >> > To get some feeling for the difficulties combining traditional smart >> cards and browsers, you may take a peek at: >> > http://lists.w3.org/Archives/Public/public-sysapps/2014Apr/0057.html >> > >> > I feel pity for Mozilla who bought into this API which also suffers >> from the "minor" snag that SIM-cards cannot be used except through >> cooperation with operators. >> >> Actually, it's the operators who are proposing a patch for the SE web API >> to Firefox OS right now (not Mozilla) because they are partnering with >> Mozilla to bring devices to market. As I understand it, this effort isn't >> to solve the problem in a new [and better] way it's to make Firefox OS >> connect to the secure elements that are already going to be built into >> these devices anyway. As I also understand it, no one in Mozilla's security >> group is particular excited about it. >> >> > Banks and operators are not the most obvious bedfellows, IMO it is >> rather the opposite. >> > >> > Apple, Google and Microsoft have so far not commented on this API which >> is sort of understandable since they have already invested in embedded >> security hardware which is much easier to deal with. Of course without >> any coordination whatsoever. >> > >> > I.e. this topic is effectively out of scope for true standardization. >> Microsoft and the US government once had a chance coming up with a >> universal solution when the FIPS201/PIV standard was designed. However, >> the smart card vendors kept the most interesting part for themselves >> (initialization) which the mildly put non-visionary NIST folks didn't >> realize would make their great standard useless for the private sector like >> banks who simply cannot motivate spending $200+ per seat for a "Security >> Solution". The rest is history with an endless series of security breaches >> due to the use of unauthenticated credit-card numbers. >> > >> > Due to this situation I feel pretty OK continuing with the Firefox >> WebCrypto extension ( https://bugzilla.mozilla.org/show_bug.cgi?id=978867). And if someone finds a better mousetrap? Well, that's life :-) >> > >> > thanx, >> > Anders >> > >> > >> >> >> >
Received on Monday, 14 April 2014 13:01:17 UTC