There are two ways merchants use PayPal (from what I can remember):
1. When you select PayPal as a payment option, it redirects you to a PayPal login page. You type in your email and password, press submit, then it reviews the total, and then you click pay. You are then redirected back to the website.
2. When you select PayPal as a payment option, it redirects you to a PayPal login page. You type in your email and password, and click 'Authorize example.com to make this purchase'. You are then redirected back to the site, and confirm your purchase there.
interesting ... never saw the second option
Is it possible for there to be a hosted web-based implementation of BTS? Could
that be secure? What is the difference between trusting the source code of a
website, and the source code of the desktop wallet?
You could have a webpage do exactly that .. its just a matter of developing it .. should be a "big deal" .. technically (though maybe legally, no idea)
the issue with web wallets is that the web provider should never ever see a privvate key .. not in encrypted form... and for sure never in unencrypted form ..
so all the crypto math and transaction signing stuff has to be performed in the browser .. which opens up some potential attack vectors such as
- weak random number generators
- backdoors in delivered JS libraries
- hacked keyboards/memory on your home computer
and thus could compromise your ENTIRE holdings ..
Same holds true for ANY crypto currency .. by the way
Would be it possible to allow authorization of web-based transactions to occur on your smart phone?
1. Click "Pay via BitShares App"
2. Enter in your account name
3. Website says "Please check your phone to Authorize transaction" or "Your account is not set up to take phone authorizations. Click here for more info"
4. Receive notification and request to authorize transaction on your phone, touch 'Accept'
5. Website recognizes the authorization, receives payment, and brings you to thank-you page.
Taht would only work if your had your funds stored at a service provider ..
oh wait ..
you can do escrow/multisig as greenaddress.it and the other btc service i forgot the name to is doing. It would work that way:
1) all your funds require at least 2 out of 3 or 4 signatures
2) your have 1 installed on your computer and 2 in cold storage
3) the other key is installed at a service provider
4) you want to make a transaction and sign the tx ..
5) you mail your service provider with the built-in mailing app
6) your service provider sends a SMS or does some other kind of 2 faktor authentication
7) if the authentication is successfull the service provider also signs the tx and the tx gets valid
that way you can even include 2Fak via Google Authenticator or similar. Like a
extra for when you do your transaction that holds the 2fak code ..
It would be great for this to be a part of the lightweight phone client.
Absolutely! the devs are on it .. the basically already have all the required Javascript stuff .. its just a matter of a "nice" UI