- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 21 Sep 2015 16:24:45 +0200
- To: Timothy Holborn <timothy.holborn@gmail.com>, Web Payments CG <public-webpayments@w3.org>, "public-webpayments-comments@w3.org" <public-webpayments-comments@w3.org>
On 2015-09-21 16:06, Timothy Holborn wrote: > When taking it into account, what are your suggestions? Continue as now, which in practical terms means not developing a web payment standard but rather maintain a fee-based executive level hangout for people with interests in payments. Note: I didn't say that this is bad! But since the "Big Guns" haven't thrown any engineering resources on the project there's is really not much to build a standard on except for the stuff from Digital Bazaar which the executive folks in WPIG probably haven't understood too much of. Even I who is a techie have some problems understanding how their Payment API is supposed to interact with for example Android Pay (which like all "real" payment systems is closed sourced). Anders > On Tue, 22 Sep 2015 at 12:04 am, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote: > > On 2015-09-21 15:13, Timothy Holborn wrote: > > Credentials questionnaire http://goo.gl/forms/kXzkF7eQJ0 > > Tim, the Credentials CG doesn't have a counterpart to FIDO. > > > > > On Mon, 21 Sep 2015 at 4:37 pm, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com> <mailto:anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>> wrote: > > > > On 2015-09-18 21:53, Ian Jacobs wrote: > > > Dear IG, > > > > > > *** 21 SEPTEMBER IS AN IMPORTANT CALL FOR MAKING PROGRESS ON THE WORKING GROUP CHARTER *** > > > > > > After looking fairly deeply into the matter it seems that the "Super-Providers" > > can achieve significant improvements in "Security" by simply adopting FIDO solutions. > > The other quality factor ("Convenience"), is essentially already in place (PayPal, > > Alibaba, etc.) > > > > However, creating a comparable user experience and security for a distributed net > > of payment providers (Banks) would be a daunting task, way more complex than the > > proposals that so far have been aired in this context. > > > > Why is that? Because the "Super-Provider" concept keeps all critical information in > > one place and is [apparently] also trusted for storing customers' card data, enabling > > them to do things in a simple and secure fashion, while a distributed system must > > secure every connection and (in a yet not described fashion), provide a trusted UI. > > > > A distributed system would require a trust infrastructure like PKI to scale. > > > > Building something on top of already broken systems like WPIG suggests, is unlikely > > to get industry support. > > > > thanks, > > Anders > > > > >
Received on Monday, 21 September 2015 14:25:18 UTC