- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 21 Sep 2015 16:04:35 +0200
- To: Timothy Holborn <timothy.holborn@gmail.com>, Web Payments CG <public-webpayments@w3.org>, "public-webpayments-comments@w3.org" <public-webpayments-comments@w3.org>
On 2015-09-21 15:13, Timothy Holborn wrote:
> Credentials questionnaire http://goo.gl/forms/kXzkF7eQJ0
Tim, the Credentials CG doesn't have a counterpart to FIDO.
>
> On Mon, 21 Sep 2015 at 4:37 pm, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
> On 2015-09-18 21:53, Ian Jacobs wrote:
> > Dear IG,
> >
> > *** 21 SEPTEMBER IS AN IMPORTANT CALL FOR MAKING PROGRESS ON THE WORKING GROUP CHARTER ***
>
>
> After looking fairly deeply into the matter it seems that the "Super-Providers"
> can achieve significant improvements in "Security" by simply adopting FIDO solutions.
> The other quality factor ("Convenience"), is essentially already in place (PayPal,
> Alibaba, etc.)
>
> However, creating a comparable user experience and security for a distributed net
> of payment providers (Banks) would be a daunting task, way more complex than the
> proposals that so far have been aired in this context.
>
> Why is that? Because the "Super-Provider" concept keeps all critical information in
> one place and is [apparently] also trusted for storing customers' card data, enabling
> them to do things in a simple and secure fashion, while a distributed system must
> secure every connection and (in a yet not described fashion), provide a trusted UI.
>
> A distributed system would require a trust infrastructure like PKI to scale.
>
> Building something on top of already broken systems like WPIG suggests, is unlikely
> to get industry support.
>
> thanks,
> Anders
>
>
Received on Monday, 21 September 2015 14:05:15 UTC