- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Thu, 11 Sep 2014 22:13:45 -0700
- To: Web Payments CG <public-webpayments@w3.org>

The demo on: https://mobilepki.org/WebCryptoPlusPlus could in a real implementation use the following schema: http://webpki.org/papers/PKI/EMV-Tokenization-SET-3DSecure-WebCryptoPlusPlus-combo.pdf#page=4

Note how the availability of a local key storage mechanism with attribute support combined with the power of the WebCrypto API reduces communication to less than half of typical current methods. In addition there are no [for the user confusing] redirects.

A thing that has been discussed a lot in this list is how the buyer is authenticated to the merchant. In this scheme the identity of the buyer is actually *hidden* (through encryption) from the merchant. IMO, this is the baseline. Some use-cases need more identity information but I don't see that this needs to go into the "payment module", it would rather be a separate and optional step before the payment since it may also affect the amount to pay due to different taxation domains.

I earlier today showed this to an experienced payment person and his reaction was "Cool, but does it support EMV transactions?" I had to admit that it does not and that I have no intention to go that route either because the WebCrypto level is much easier and more powerful than a technology that de facto is almost 20 years old.

Anders

Received on Friday, 12 September 2014 05:14:22 UTC