- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 13 Oct 2014 04:50:50 +0200
- To: Manu Sporny <msporny@digitalbazaar.com>, Web Payments CG <public-webpayments@w3.org>
- CC: Kumar McMillan <kmcmillan@mozilla.com>, Jonas Sicking <jonas@sicking.cc>
On 2014-10-13 02:21, Manu Sporny wrote: > On 10/10/2014 12:28 AM, Anders Rundgren wrote: >> How does this relate to the Web Payment CG? Well, since mozPay is >> referenced in various Web Payments CG documents there's obviously a >> dependency. > > No, there is no dependency. > > What mozPay is doing now and what the Web Payments CG is doing are not > dependent on each other. The Web Payments Commerce API is inspired by > mozPay, that is all. Mozilla is free to modify mozPay in whatever way > makes sense for their mission, and the Web Payments CG is free to do > the same. > > The browser API for the Web Payments work is purely optional at this > point. It's a proposed polyfill->native browser API that has a long way > to go before we think about taking it to the WebApps group. > >> I'm talking about an architecture for secure web-applications > > I don't think the Web Payments CG should get involved with a "secure > web-application" initiative. We don't have the expertise in this group > to pull that off. We should leave that sort of stuff to the WebApps > Working Group, they have the experts there to work on that sort of > initiative. I'm personally unconvinced that the trust- and security-models worked on in WebApps are suitable for payment systems. "Your location" and payment systems have very little in common since the former trust-wise is entirely in the user's domain while payments (we may like it or not) are essentially governed by the providers. Let the fun begin! http://lists.w3.org/Archives/Public/public-web-security/2014Oct/0008.html Cheers Anders > > -- manu >
Received on Monday, 13 October 2014 03:26:26 UTC