- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 18 Sep 2014 21:46:10 -0400
- To: Anders Rundgren <anders.rundgren.net@gmail.com>, Web Payments CG <public-webpayments@w3.org>

On 09/12/2014 11:55 AM, Anders Rundgren wrote:
> The conclusion was to include support for security hardware for more
> traditional smart card applications that are already widely
> deployed.

Did the FIDO stuff factor into the discussion anywhere?

> My personal belief is that this does not mean retrofitting the web
> for the existing very diverse set of cards out there because this
> would lead to "Driver Hell". There was also moderate interest in
> supporting smart cards at the APDU-level although that (on paper)
> would give support for every card.
>
> As a Google representative said: I don't think many web-developers
> would be able to write a login solution based on APDUs. So right!!!

+1

> So what does that lead us? IMO, the only workable solution is
> creating a "WebToken" along the lines of FIDO but using a different
> access control/ mediation mechanism to get away from the SOP
> constraint which does not match current use of smart cards.

Who is "us"? What would the "WebToken" be used for? What would we use instead of the same-origin policy? Could you expand on this bit a little more? I'm not following what you're saying.

> If this actually succeeds it would be no less than a revolution!

Since I don't follow, I don't understand why it would be a revolution. Specifically what part would be a revolution?

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Friday, 19 September 2014 01:46:39 UTC