zlacker

[return to "Unpacking Google’s Web Environment Integrity specification"]
1. jfoutz+KA1[view] [source] 2023-07-26 17:59:22
>>dagurp+(OP)
This kinda seems like a fantastic way to implement micro payments. The site owner sets up a attestor that knows they’ve paid.

I hate Wei in general, but it really could open up control over bots and paid access.

◧◩
2. wbobei+sC1[view] [source] 2023-07-26 18:05:37
>>jfoutz+KA1
There is no reason that can't be done with existing web technology, WEI does not advance that use case in any meaningful way.
◧◩◪
3. jfoutz+WF1[view] [source] 2023-07-26 18:18:20
>>wbobei+sC1
It provides a uniform service for ensuring a client has desired properties.

That’s kinda tricky to do well. Traffic for monitoring, you can do with a jwt, but like, enabling chunked transfer in python request lib is a problem you discover. An array of attestors could guarantee feature sets.

◧◩◪◨
4. danShu+XU1[view] [source] 2023-07-26 19:13:45
>>jfoutz+WF1
> for ensuring a client has desired properties.

There's nothing about payments that requires testing client properties though. What you want is the ability to test if there's a corresponding payment, that has nothing really to do with the client's device. It just seems like irrelevant information, what are these "desired properties"?

You want a corresponding token with the request that matches a payment. And WEI seems like a strictly inferior way to get that instead of just... asking a payment provider for the token. What does my hardware/OS/browser have to do with a payment token?

[go to top]