- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 29 Dec 2014 19:58:10 +0100
- To: Kingsley Idehen <kidehen@openlinksw.com>, public-webpayments@w3.org
On 2014-12-29 18:58, Kingsley Idehen wrote: > On 12/28/14 2:18 AM, Anders Rundgren wrote: >> My payment standardization wish-list for 2015 only contains a single >> item, >> defining how untrusted web-applications are supposed to interact with the >> trusted client platform. >> > > What is an "untrusted web-application" ? Technically all server applications that cannot be verified/recognized by the client platform. > What is a "trusted web-application" ? An application that is permitted accessing sensitive local resources. > What is "trust" ? The thing needed to enable the the previous item. > How is "trust" attained? That's the $1M question. I have suggested certain solutions, other people believe in trusted middleware and a bunch of people headed by Google tries to solve this with user permissions. > >> If this is achieved (and with a reasonable amount of consensus...) the >> W3C have resurrected >> the web-browser from its current "dead-in-water" state with respect to >> secure payments. > > The web-browser is one kind of Web (HTTP Network) user agent. That's it. > It doesn't in anyway define or set the status quo for what's possible on > the Web. No, but if we are going to deprecate the browser, I think we need a new charter. Hey guys, is this what you want??? >> >> From that point, the rest becomes pure engineering instead of "black >> magic" . > > You need to understand your tools and the problem at hand before you can > embark upon any kind of meaningful engineering :) > > > Kingsley >> >> Sincerely, >> Anders Rundgren >> > >
Received on Monday, 29 December 2014 18:58:42 UTC