- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 21 Sep 2015 16:04:35 +0200
- To: Timothy Holborn <timothy.holborn@gmail.com>, Web Payments CG <public-webpayments@w3.org>, "public-webpayments-comments@w3.org" <public-webpayments-comments@w3.org>
On 2015-09-21 15:13, Timothy Holborn wrote: > Credentials questionnaire http://goo.gl/forms/kXzkF7eQJ0 Tim, the Credentials CG doesn't have a counterpart to FIDO. > > On Mon, 21 Sep 2015 at 4:37 pm, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > On 2015-09-18 21:53, Ian Jacobs wrote: > > Dear IG, > > > > *** 21 SEPTEMBER IS AN IMPORTANT CALL FOR MAKING PROGRESS ON THE WORKING GROUP CHARTER *** > > > After looking fairly deeply into the matter it seems that the "Super-Providers" > can achieve significant improvements in "Security" by simply adopting FIDO solutions. > The other quality factor ("Convenience"), is essentially already in place (PayPal, > Alibaba, etc.) > > However, creating a comparable user experience and security for a distributed net > of payment providers (Banks) would be a daunting task, way more complex than the > proposals that so far have been aired in this context. > > Why is that? Because the "Super-Provider" concept keeps all critical information in > one place and is [apparently] also trusted for storing customers' card data, enabling > them to do things in a simple and secure fashion, while a distributed system must > secure every connection and (in a yet not described fashion), provide a trusted UI. > > A distributed system would require a trust infrastructure like PKI to scale. > > Building something on top of already broken systems like WPIG suggests, is unlikely > to get industry support. > > thanks, > Anders > >
Received on Monday, 21 September 2015 14:05:15 UTC