- From: ianbjacobs <notifications@github.com>
- Date: Fri, 04 Dec 2015 09:27:13 -0800
- To: w3c/webpayments <webpayments@noreply.github.com>
- Message-ID: <w3c/webpayments/issues/15/162028247@github.com>
Matt,
For the second case ("data shared by N payment apps") how should we document that use case? (Flow? Spec?)
For the case you cite ("intercept and tokenise/encrypt"), let's flesh out the ecosystem a bit. I assume Payment Apps will offer different features (e.g., this one tokenises, this one does not, etc.). Then we have some options:
* Payment Apps do not interact at all.
* Payment Apps can be pipelined (one-way communication).
* Payment Apps can communicate with each other in more interesting ways.
* The Browser-As-Payment-App is special and so even if other Payment Apps do not interact, the
Browser can act on the output of other Payment Apps.
(Of course, there may be contexts where we have no control over the communication among different pieces of software. Here I am talking about what we want or anticipate rather than what we can't control.)
So it sounds to me like you would either want to the second or fourth option, so that if Payment App A is about to return a plain text PAN, you can have another Payment App step in and tokenise the result before the browser ships it to the merchant.
Thoughts?
Ian
---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/webpayments/issues/15#issuecomment-162028247
Received on Friday, 4 December 2015 17:28:07 UTC