- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Fri, 12 Sep 2014 08:55:04 -0700
- To: Web Payments CG <public-webpayments@w3.org>
Hi Guys, The conclusion was to include support for security hardware for more traditional smart card applications that are already widely deployed. My personal belief is that this does not mean retrofitting the web for the existing very diverse set of cards out there because this would lead to "Driver Hell". There were also moderate interest in supporting smart cards at the APDU-level although that (on paper) would give support for every card. As a Google representative said: I don't think many web-developers would be able to write a login solution based on APDUs. So right!!! So what does that lead us? IMO, the only workable solution is creating a "WebToken" along the lines of FIDO but using a different access control/ mediation mechanism to get away from the SOP constraint which does not match current use of smart cards. If this actually succeeds it would be no less than a revolution! Anders
Received on Friday, 12 September 2014 15:55:41 UTC