[OAUTH-WG] Re: One-time confirmation tokens

2024-06-19 Thread Dmitry Telegin
Hi Denis, I think I'd agree on most points. As far as I understand, your major concern is that the details of the operation to be confirmed will be exposed to the AS. And this is exactly what is addressed in 3DS, where neither the merchant can spy on the card/account number, nor the AS on the transaction deta

[OAUTH-WG] Re: One-time confirmation tokens

2024-06-14 Thread Neil Madden
On 14 Jun 2024, at 02:48, Dmitry Telegin wrote:
>
> Let's take the following (very common) scenario:
> * A user logs into the system;
> * They request an operation that might require additional confirmation from the user, at the system's discretion. The most common example would be payment

[OAUTH-WG] Re: One-time confirmation tokens

2024-06-14 Thread Denis
Hi Dmitry, You have described a scheme with built-in "spy by design" opportunities, where the AS will be in a position to play the role of "Big Brother". If you follow a "privacy by design" approach, you will end up with a different architecture. “If the only tool you have is a hammer, you te