https://www.webuildconsortium.eu/news/we-build-is-launching-the-payments-interest-group
I don't know if this activity will be of any importance but I plan to participate since I have been working with this for more than a decade. In theory this is already covered by OpenID4VP. However, seen from my watchtower this work has not even begun since OpenID4VP makes Merchants = RPs. This is obviously wrong; Merchants want your money, not your card number. There is no "presentation" going on. Does this work relate to COSE? Currently it does not since the assumption is that payment authorizations will build on the same stack as the identity framework (using JSON). My proposal (FWIW) is to use CBOR since SD-JWT does not make sense in a payment context; a standard signature is fully sufficient. Put in another way: your bank already knows you, there's nothing to selectively disclose. In fact, Issuer=Bank=RP=Verifier. In case you are interested in this topic, here is a challenge: convert the following "revolutionary" concept into COSE: https://cyberphone.github.io/doc/defensive-publications/partial-encryption-full-signature.pdf Implementation proposal: https://cyberphone.github.io/wallet-core/doc/#2.4.payer-authorization thanx, Anders _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
