Ken (Chanoch) Bloom's Blog

4th January 2007

Ideas: A consumer level E-commerce client

With the card I have described above comes a difficult problem: how can one use this public key card to make an online transaction through a web server? Although one could modify the web browser to support this kind of thing, I think a better answer is to create a totally new e-commerce protocol with a separate client. The client could handle talking to the credit card through a standard interface, and also display products, etc., in a consistent interface that's coded into the e-commerce client (and different versions of the e-commerce client can exist to provide different kinds of accessibility).

This would also protect against things like Cross-Site Scripting vulnerabilities and Cross-Site Request Forgery vulnerabilities. Generally speaking, the time has come for a rethinking of web development interfaces, with an eye toward failsafe defaults.
